<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">Paul - how does this look? Thanks for your help.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText" style="margin-left:.5in">Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that have more labels than the validated FQDN and end in the validated FQDN. This method is suitable
for validating Wildcard Domain Names.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">-----Original Message-----<br>
From: Paul Hoffman [mailto:paul.hoffman@icann.org] <br>
Sent: Friday, June 30, 2017 3:17 PM<br>
To: Kirk Hall <Kirk.Hall@entrustdatacard.com>; CA/Browser Forum Public Discussion List <public@cabforum.org><br>
Subject: [EXTERNAL]Re: [Ext] [cabfpub] Updated Ballot 190 v3 dated June 30, 2017</p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><raises his hand meekly><o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">> On Jun 30, 2017, at 3:04 PM, Kirk Hall via Public <<a href="mailto:public@cabforum.org"><span style="color:windowtext;text-decoration:none">public@cabforum.org</span></a>> wrote:<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> “Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end in the validated FQDN. This method is suitable for validating Wildcard Domain Names.”<o:p></o:p></p>
<p class="MsoPlainText">> <o:p></o:p></p>
<p class="MsoPlainText">> We think that is short and simple, and can’t be misconstrued.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">It can be misconstrued, and similar wording has been misconstrued in DNS software in the past.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">For a validated FQDN of "example.com", "accounting-example.com" is an FQDN that ends in the validated FQDN.
<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">If you mean "has more labels than the validated FQDN" (as I suspect that you do), it is probably worthwhile to say that directly.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">--Paul Hoffman<o:p></o:p></p>
</div>
</body>
</html>