<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jun 22, 2017, at 12:31 PM, Phillip <<a href="mailto:philliph@comodo.com" class="">philliph@comodo.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="WordSection1" style="page: WordSection1; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">It is not clear which of us you are responding to.<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Let us consider the case proposed:<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><ul type="disc" style="margin-bottom: 0in; margin-top: 0in;" class=""><li class="MsoListParagraph" style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;">Domain<span class="Apple-converted-space"> </span><a href="http://example.com/" style="color: purple; text-decoration: underline;" class="">example.com</a><span class="Apple-converted-space"> </span>has an issue entry for CA<span class="Apple-converted-space"> </span><a href="http://alice.com/" style="color: purple; text-decoration: underline;" class="">alice.com</a><span class="Apple-converted-space"> </span>but no issuewild<o:p class=""></o:p></li><li class="MsoListParagraph" style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;">Certificate requested for *.<a href="http://example.com/" style="color: purple; text-decoration: underline;" class="">example.com</a><span class="Apple-converted-space"> </span>from<span class="Apple-converted-space"> </span><a href="http://bob.com/" style="color: purple; text-decoration: underline;" class="">bob.com</a><o:p class=""></o:p></li></ul><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">So section 5.3 does not apply. There is no issuewild to take priority.<span class="Apple-converted-space"> </span><o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">The request has a wildcard so the requirement to ignore issuewild records for a non wildcard does not apply.<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class="">No issuewild properties are specified. So the second part does not apply.</div></div></div></blockquote><br class=""></div><div>Agreed.</div><div><br class=""></div><div>However a certificate requested for *.<a href="http://example.com" class="">example.com</a> from <a href="http://alice.com" class="">alice.com</a> would be allowed to issue with the records you show in your example.</div><div><br class=""></div><div>Thanks,</div><div>Peter</div></body></html>