<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 18, 2017 at 10:13 AM, Gervase Markham <span dir="ltr"><<a href="mailto:gerv@mozilla.org" target="_blank">gerv@mozilla.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 17/05/17 17:40, Ryan Sleevi via Public wrote:<br>
> As such, it's unclear what the intended outcome of this is. Is it meant<br>
> to be binding on CAs? If so, we should look to be more explicit.<br>
<br>
</span>The intent is to be explicit about what is currently implicit; there was<br>
a message to this list a while back saying that all methods except IP<br>
Address were suitable for issuance of wildcards, but that required a<br>
very close reading of the text, and it seemed to make sense to make it<br>
explicit.<br>
<br>
So yes, it's intended to be normative.<br></blockquote><div><br></div><div>Would you be open to addressing it in a separate ballot, so that we can work through the issues and nuance here (and in relation to authorized domain names and base domain names)?</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
> It's also unclear whether the 'intent' of the wildcard certificate was<br>
> also to encompass the validation of subdomains, or their use in<br>
> Authorization Domain Names.<br>
<br>
</span>At one point in one draft, the phrase covered both.<br></blockquote><div><br></div><div>I see. Was this just a private draft? I'm trying to better understand what has been explored and discussed, to make more productive contributions.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I think it was Peter who did the analysis; but again, the aim here is to<br>
make clear existing rules, not to make new rules. If we are failing in<br>
that, we should change it. If you want to change the rules, that would<br>
probably be a separate ballot :-)<br></blockquote><div><br></div><div>The fact that you highlighted it requires a very strict reading, but I'm having trouble finding that discussion, suggests that it's reasonable that some folks may see even the 'notes' as introducing new rules.</div><div><br></div><div>Certainly, we saw a number of CAs feeling that the 'data reuse' was new rules, despite it also being long-standing in the BRs through reading, and what CAs voted on (in Ballot 169). </div></div></div></div>