<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Huh? Why would you need to use UTF8String?</div><div class=""><br class=""></div><div class="">IA5String allows underscore characters, as it is a superset of X3.4 (1968). It also allows $, %, &, *, +, @ and many other characters. </div><div class=""><br class=""></div><div class="">Were you maybe confusing IA5String with PrintableString, where the latter does not allow underscore, @, etc.?</div><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 11, 2017, at 1:42 PM, Ryan Sleevi via Public <<a href="mailto:public@cabforum.org" class="">public@cabforum.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="ltr" class="">No, encoding it as a UTF8String is not valid in the subjectAltName (whose type dNSName is defined as IA5String)</div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public <span dir="ltr" class=""><<a href="mailto:public@cabforum.org" target="_blank" class="">public@cabforum.org</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple" class=""><div class="m_-4513551521713594733WordSection1"><p class="MsoNormal"><a name="m_-4513551521713594733__MailEndCompose" class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">If the ballot were amended to address only underscore characters (and delete outdated content), would there be any endorsers? 
See attached.<u class=""></u><u class=""></u></span></a></p><p class="MsoNormal"><span class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""><u class=""></u> <u class=""></u></span></span></p><div class=""><span class=""><p class="MsoNormal" style="margin-bottom:2.0pt"><span class=""><b class=""><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#0174c3" class="">Ben Wilson, JD, CISA, CISSP<u class=""></u><u class=""></u></span></b></span></p><p class="MsoNormal" style="margin-bottom:2.0pt"><span class=""><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#686869" class="">VP Compliance<u class=""></u><u class=""></u></span></span></p><p class="MsoNormal" style="margin-bottom:2.0pt"><span class=""><span style="font-size:11.0pt;font-family:"Arial",sans-serif;color:#686869" class=""><a href="tel:(801)%20701-9678" value="+18017019678" target="_blank" class="">+1 801 701 9678</a><u class=""></u><u class=""></u></span></span></p></span><p class="MsoNormal"><span class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""><span id="cid:image003.jpg@01D2B2D0.4202D7F0"><image003.jpg></span><u class=""></u><u class=""></u></span></span></p></div><p class="MsoNormal"><span class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""><u class=""></u> <u class=""></u></span></span></p><span class=""></span><div class=""><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in" class=""><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""> Public [mailto:<a href="mailto:public-bounces@cabforum.org" target="_blank" class="">public-bounces@<wbr class="">cabforum.org</a>] <b class="">On Behalf Of </b>Peter Bowen via Public<br class=""><b class="">Sent:</b> Tuesday, April 11, 2017 10:23 AM<span class=""><br 
class=""><b class="">To:</b> CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org" target="_blank" class="">public@cabforum.org</a>><br class=""></span><b class="">Cc:</b> Peter Bowen <<a href="mailto:pzb@amzn.com" target="_blank" class="">pzb@amzn.com</a>></span></p><div class=""><div class="h5"><br class=""><b class="">Subject:</b> Re: [cabfpub] RFC5280-related Ballot - For Discussion<u class=""></u><u class=""></u></div></div><div class=""><br class="webkit-block-placeholder"></div></div></div><div class=""><div class="h5"><p class="MsoNormal"><u class=""></u> <u class=""></u></p><div class=""><div class=""><div class=""><p class="MsoNormal">I agree. There seems to be quite a bit of opposition on the PKIX list to extending the length. It was reasonably pointed out that things that process ASN.1 according to the schema will break.<u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div><div class=""><p class="MsoNormal">However I would point out that this also rolls the other way — adding underscore should be safe, as the ASN.1 schema already allows this.<u class=""></u><u class=""></u></p></div><p class="MsoNormal"><u class=""></u> <u class=""></u></p><div class=""><blockquote style="margin-top:5.0pt;margin-bottom:5.0pt" class=""><div class=""><p class="MsoNormal">On Apr 10, 2017, at 12:33 PM, Ryan Sleevi via Public <<a href="mailto:public@cabforum.org" target="_blank" class="">public@cabforum.org</a>> wrote:<u class=""></u><u class=""></u></p></div><p class="MsoNormal"><u class=""></u> <u class=""></u></p><div class=""><div class=""><p class="MsoNormal">That's an interesting take. 
I read the same discussions and took quite the opposite conclusion.<u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"><u class=""></u> <u class=""></u></p><div class=""><p class="MsoNormal">On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public <<a href="mailto:public@cabforum.org" target="_blank" class="">public@cabforum.org</a>> wrote:<u class=""></u><u class=""></u></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt" class=""><div class=""><div class=""><p class="MsoNormal"><a name="m_-4513551521713594733_m_7505427164939490235__MailEndCompose" class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">All,</span></a><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">I’ve posted the proposal to the PKIX list and haven’t heard sufficient opposition on that list, IMHO, that would merit holding up this proposed revision to the Baseline Requirements. 
I need two endorsers for a ballot.</span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">Thanks,</span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">Ben </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""> </span><u class=""></u><u class=""></u></p><p class="MsoNormal"><b class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class=""> Ryan Sleevi [mailto:</span><a href="mailto:sleevi@google.com" target="_blank" class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">sleevi@google.com</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">] <br class=""><b class="">Sent:</b> Monday, April 3, 2017 9:59 AM<br class=""><b class="">To:</b> CA/Browser Forum Public Discussion List <</span><a href="mailto:public@cabforum.org" target="_blank" class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">public@cabforum.org</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">><br class=""><b class="">Cc:</b> Ben Wilson <</span><a href="mailto:ben.wilson@digicert.com" target="_blank" class=""><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">ben.wilson@digicert.com</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif" class="">><br class=""><b class="">Subject:</b> Re: [cabfpub] RFC5280-related Ballot - For 
Discussion</span><u class=""></u><u class=""></u></p><div class=""><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p><div class=""><p class="MsoNormal">For those who want to understand why the IETF rejected this change, the thread begins at <u class=""></u><u class=""></u></p><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"><a href="https://mailarchive.ietf.org/arch/msg/pkix/MJwKL1lqRDuEAhqQ1Ydb5eWBSIs/?qid=ace7ed4844045716922706d6a80b0747" target="_blank" class="">https://mailarchive.ietf.org/<wbr class="">arch/msg/pkix/<wbr class="">MJwKL1lqRDuEAhqQ1Ydb5eWBSIs/?<wbr class="">qid=<wbr class="">ace7ed4844045716922706d6a80b07<wbr class="">47</a><u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal">You can also see <a href="https://datatracker.ietf.org/liaison/376/" target="_blank" class="">https://datatracker.ietf.<wbr class="">org/liaison/376/</a> and the discussion at <a href="https://www.ietf.org/mail-archive/web/pkix/current/msg02361.html" target="_blank" class="">https://www.ietf.org/mail-<wbr class="">archive/web/pkix/current/<wbr class="">msg02361.html</a><u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div><div class=""><p class="MsoNormal">This was reviewed prior to the production of 5280 - that is, it was known at the time 5280 was produced, and was decided not to adopt - see <a href="https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html" target="_blank" class="">https://www.ietf.org/mail-<wbr class="">archive/web/pkix/current/<wbr class="">msg02357.html</a> and <a href="https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html" target="_blank" class="">https://www.ietf.org/mail-<wbr class="">archive/web/pkix/current/<wbr class="">msg02336.html</a><u class=""></u><u 
class=""></u></p></div></div><div class=""><p class="MsoNormal"> <u class=""></u><u class=""></u></p><div class=""><p class="MsoNormal">On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilson via Public <<a href="mailto:public@cabforum.org" target="_blank" class="">public@cabforum.org</a>> wrote:<u class=""></u><u class=""></u></p><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt" class=""><div class=""><div class=""><p class="MsoNormal">Here is a redlined version of sections 7.1.4.2.1 and 7.1.4.2.2 of the Baseline Requirements which proposes amendments to the way the Baseline Requirements handle the maximum length for subjectAltName, commonName and organizationName and also clarifies the use of the underscore character.<u class=""></u><u class=""></u></p><p class="MsoNormal"> <u class=""></u><u class=""></u></p><p class="MsoNormal"> <u class=""></u><u class=""></u></p><p class="MsoNormal" style="margin-bottom:2.0pt"><b class=""><span style="font-family:"Arial",sans-serif;color:#0174c3" class="">Ben Wilson, JD, CISA, CISSP</span></b><u class=""></u><u class=""></u></p><p class="MsoNormal" style="margin-bottom:2.0pt"><span style="font-family:"Arial",sans-serif;color:#686869" class="">VP Compliance</span><u class=""></u><u class=""></u></p><p class="MsoNormal" style="margin-bottom:2.0pt"><a href="tel:(801)%20701-9678" target="_blank" class=""><span style="font-family:"Arial",sans-serif" class="">+1 801 701 9678</span></a><u class=""></u><u class=""></u></p><p class="MsoNormal"><image003.jpg><u class=""></u><u class=""></u></p><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div></div><p class="MsoNormal" style="margin-bottom:12.0pt"><br class="">______________________________<wbr class="">_________________<br class="">Public mailing list<br class=""><a href="mailto:Public@cabforum.org" target="_blank" class="">Public@cabforum.org</a><br class=""><a 
href="https://cabforum.org/mailman/listinfo/public" target="_blank" class="">https://cabforum.org/mailman/<wbr class="">listinfo/public</a><u class=""></u><u class=""></u></p></blockquote></div><p class="MsoNormal"> <u class=""></u><u class=""></u></p></div></div></div></div></div></blockquote></div><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div></div></blockquote></div><p class="MsoNormal"><u class=""></u> <u class=""></u></p></div></div></div></div></div></div><br class="">
<br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></body></html>