<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font face="Calibri">To me too.</font><br>
</p>
<br>
<div class="moz-cite-prefix">On 19/07/2017 23:10, Ben Wilson
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:a6576614b1584a8199477f39ed326c3e@EX2.corp.digicert.com">
<div class="WordSection1">
<p class="MsoNormal"><a name="_MailEndCompose"
moz-do-not-send="true">Looks good to me.<o:p></o:p></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:2.0pt"><span
style="mso-bookmark:_MailEndCompose"><b><span
style="font-family:'Arial',sans-serif;color:#0174C3">Ben
Wilson, JD, CISA, CISSP<o:p></o:p></span></b></span></p>
<p class="MsoNormal" style="margin-bottom:2.0pt"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-family:'Arial',sans-serif;color:#686869">VP
Compliance<o:p></o:p></span></span></p>
<p class="MsoNormal" style="margin-bottom:2.0pt"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-family:'Arial',sans-serif;color:#686869">+1
801 701 9678<o:p></o:p></span></span></p>
</div>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><o:p> </o:p></span></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Public
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Peter
Bowen via Public<br>
<b>Sent:</b> Wednesday, July 19, 2017 12:07 PM<br>
<b>To:</b> Adriano Santoni
<a class="moz-txt-link-rfc2396E" href="mailto:adriano.santoni@staff.aruba.it">&lt;adriano.santoni@staff.aruba.it&gt;</a>; CA/Browser Forum
Public Discussion List <a class="moz-txt-link-rfc2396E" href="mailto:public@cabforum.org">&lt;public@cabforum.org&gt;</a><br>
<b>Subject:</b> Re: [cabfpub] [EXTERNAL]Re: Problems with
Ballot 202<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Adriano,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">An earlier draft of this did call out the
specific characters, but the feedback from Kirk was that
adding the technical detail caused it to have “no meaning”.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">(<a
href="https://cabforum.org/pipermail/public/2017-June/011361.html"
moz-do-not-send="true">https://cabforum.org/pipermail/public/2017-June/011361.html</a>)<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Merging all the recent suggestions, we
get something like:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><span class="apple-tab-span">
</span>A string starting with "*." (U+002A ASTERISK, U+002E
FULL STOP) immediately followed by a Fully-Qualified Domain
Name.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">This clarifies that “⁎<span
style="font-family:'MS Gothic'">.</span>” is not
acceptable.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">What do people think?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Peter<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Jul 19, 2017, at 8:09 AM, Adriano
Santoni via Public &lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true">public@cabforum.org</a>&gt;
wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:'Helvetica',sans-serif;background:white">How
about further specifying that the string '*' (that a
Wildcard Domain Name starts with) is made up of one
(1) ASCII character with code 0x2A?</span><span
style="font-size:9.0pt;font-family:'Helvetica',sans-serif"><br>
<br>
<span style="background:white">(that is, the Unicode
"low asterisk" and "asterisk above" characters are
not acceptable there :) )</span><br>
<br>
<span style="background:white">If we are going to
clarify things, better be super-clear!</span><br>
<br>
<span style="background:white">Adriano</span><br>
<br>
<br>
</span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="background:white"><span
style="font-size:9.0pt;font-family:'Helvetica',sans-serif">On
19/07/2017 04:15, Wayne Thayer via Public
wrote:<o:p></o:p></span></p>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt;font-variant-caps:
normal;orphans: auto;text-align:start;widows:
auto;-webkit-text-size-adjust:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px">
<div>
<p class="MsoNormal" style="background:white">Peter –
I agree. Adding “starting with” to the new
definition is enough to resolve this concern.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="background:white">Thanks,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="background:white">Wayne<o:p></o:p></p>
</div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<p class="MsoNormal" style="background:white"><b><span
style="font-size:12.0pt">From:<span
class="apple-converted-space"> </span></span></b><span
style="font-size:12.0pt">Peter Bowen<span
class="apple-converted-space"> </span><a
href="mailto:pzb@amzn.com"
moz-do-not-send="true"><span
style="color:purple">&lt;pzb@amzn.com&gt;</span></a><br>
<b>Date:<span class="apple-converted-space"> </span></b>Tuesday,
July 18, 2017 at 7:01 PM<br>
<b>To:<span class="apple-converted-space"> </span></b>Wayne
Thayer<span class="apple-converted-space"> </span><a
href="mailto:wthayer@godaddy.com"
moz-do-not-send="true"><span
style="color:purple">&lt;wthayer@godaddy.com&gt;</span></a>,
CA/Browser Forum Public Discussion List<span
class="apple-converted-space"> </span><a
href="mailto:public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">&lt;public@cabforum.org&gt;</span></a><br>
<b>Subject:<span class="apple-converted-space"> </span></b>Re:
[cabfpub] [EXTERNAL]Re: Problems with Ballot 202</span><o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white">Wayne,<span
class="apple-converted-space"> </span><o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white">Based
on Geoff’s recommendation, Ben, Ryan, and I were
going to update the definitions as follows:<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><b>Domain
Label</b>: A label of a domain name, as
defined in RFC 5890 section 2.2; for example,
the domain name "<a
href="http://www.example.com/"
moz-do-not-send="true"><span
style="color:purple">www.example.com</span></a>"
is composed of three labels: "www", "example",
and "com".<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><b>Domain
Name</b>: A string which is a ‘domain
name’, as defined in RFC 5890 section 2.2,
with labels separated by dots, or a Wildcard
Domain Name. For example “<a
href="http://www.example.com/"
moz-do-not-send="true"><span
style="color:purple">www.example.com</span></a>”
and “*.<a href="http://example.net/"
moz-do-not-send="true"><span
style="color:purple">example.net</span></a>”
are domain names.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><b>Wildcard
Domain Name</b>: The string ‘*.’ followed
by a ‘domain name’ with labels separated by
dots, as defined in RFC 5890 section 2.2<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white">I
think you make a good point. How does this
work for Wildcard Domain Name?<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"><b>Wildcard
Domain Name</b>: A string starting with ‘*.’
followed by a ‘domain name’ with labels
separated by dots, as defined in RFC 5890
section 2.2<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white">I’m
not quite sure how to fit “left” into the
definition proposed by Geoff, but I think
“starting with” should make it clear that
“www.*.<a href="http://example.com/"
moz-do-not-send="true"><span
style="color:purple">example.com</span></a>”
is not acceptable, as it does not start with
“*.”.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white">Do
either of these definitions of Wildcard Domain
Name work for you?<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white">Thanks,<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white">Peter<o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
<div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal" style="background:white">On
Jul 18, 2017, at 6:49 PM, Wayne Thayer via
Public &lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">public@cabforum.org</span></a>&gt;
wrote:<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Peter,<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Would you
consider adding ‘in the left most Domain
Label’ to the definition of Wildcard
Domain Name? While the definition of
Authorization Domain Name contradicts
this, it was pointed out to me that
someone unfamiliar with the history
might misinterpret the new definition to
allow something like ‘www.*.<a
href="http://example.com/"
moz-do-not-send="true"><span
style="color:purple">example.com</span></a>’.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Wildcard
Domain Name:<span
class="apple-converted-space"> </span></b>A
Domain Name consisting of a single
asterisk character ("*") [<i>in the left
most Domain Label</i>] followed by a
single full stop character (".")
followed by a Fully-Qualified Domain
Name.<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Thanks,<o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Wayne<o:p></o:p></p>
</div>
</div>
<div style="border:none;border-top:solid
#B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<div>
<div>
<p class="MsoNormal"
style="background:white"><b><span
style="font-size:12.0pt">From:<span
class="apple-converted-space"> </span></span></b><span
style="font-size:12.0pt">Public &lt;<a
href="mailto:public-bounces@cabforum.org" moz-do-not-send="true"><span
style="color:purple">public-bounces@cabforum.org</span></a>&gt;
on behalf of Peter Bowen via Public
&lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">public@cabforum.org</span></a>&gt;<br>
<b>Reply-To:<span
class="apple-converted-space"> </span></b>Peter
Bowen &lt;<a
href="mailto:pzb@amzn.com"
moz-do-not-send="true"><span
style="color:purple">pzb@amzn.com</span></a>&gt;,
CA/Browser Forum Public Discussion
List &lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">public@cabforum.org</span></a>&gt;<br>
<b>Date:<span
class="apple-converted-space"> </span></b>Monday,
July 17, 2017 at 6:48 PM<br>
<b>To:<span
class="apple-converted-space"> </span></b>Kirk
Hall &lt;<a
href="mailto:Kirk.Hall@entrustdatacard.com"
moz-do-not-send="true"><span
style="color:purple">Kirk.Hall@entrustdatacard.com</span></a>&gt;<br>
<b>Cc:<span
class="apple-converted-space"> </span></b>CA/Browser
Forum Public Discussion List &lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">public@cabforum.org</span></a>&gt;<br>
<b>Subject:<span
class="apple-converted-space"> </span></b>Re:
[cabfpub] [EXTERNAL]Re: Problems
with Ballot 202</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Kirk,<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">The only new
definitions in ballot 202 are “Domain
Label” and “Wildcard Domain Name”. <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">“Domain
Label” was defined so we could define
the characters we wanted to allow
underscores in a label.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">“Wildcard
Domain Name” was defined to help make
it very clear that these are allowed.
One of the concerns that has been
heard multiple times is that it is not
clear if “Fully-Qualified Domain Name”
includes names with wildcards. This
ballot resolves this ambiguity by
clearly stating that “Domain Name”
means both wildcard and
fully-qualified domain names.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Geoff and my
responses crossed. Geoff suggested:<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Label</b>: A label of a domain
name, as defined in RFC 1034.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Name</b>: A string which is a
‘domain name’ as defined in RFC 1034
with labels separated by dots, or a
Wildcard Domain Name.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Namespace<span
class="apple-converted-space"> </span></b>(of
a domain): All domains which are
subdomains of the referenced domain,
as described in RFC 1034.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Fully
Qualified Domain Name</b>: A
domain name interpreted relative to
the root. The Fully Qualified
Domain Names used in this document
do not end with a period.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Wildcard
Domain Name</b>: The string ‘*.’
followed by a ‘domain name’ with
labels separated by dots as defined
in RFC 1034.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">I would
suggest the following as slight
updates, in order to support
Internationalized Domain Names:<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Label</b>: A label of a domain name,
as defined in RFC 5890 section
2.2; for example, the domain name "<a
href="http://www.example.com/"
moz-do-not-send="true"><span
style="color:purple">www.example.com</span></a>"
is composed of three labels: "www",
"example", and "com".<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Name</b>: A string which is a
‘domain name’, as defined in RFC
5890 section 2.2, with labels
separated by dots, or a Wildcard
Domain Name. For example “<a
href="http://www.example.com/"
moz-do-not-send="true"><span
style="color:purple">www.example.com</span></a>”
and “*.<a href="http://example.net/"
moz-do-not-send="true"><span
style="color:purple">example.net</span></a>”
are domain names.<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Wildcard
Domain Name</b>: The string ‘*.’
followed by a ‘domain name’ with
labels separated by dots, as defined
in RFC 5890 section 2.2<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">I suggest we
hold any updates for Fully Qualified
Domain Name and Domain Namespace for
ballot 190 and limit the changes to
Authorization Domain Name and Base
Domain Name in this ballot to only
remove “Fully Qualified”. <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Do you feel
you could support this ballot if it
had these definitions instead?<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Thanks,<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Peter<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">On Jul
17, 2017, at 5:01 PM, Kirk Hall
&lt;<a
href="mailto:Kirk.Hall@entrustdatacard.com"
moz-do-not-send="true"><span
style="color:purple">Kirk.Hall@entrustdatacard.com</span></a>&gt;
wrote:<o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:#1F497D">I did
know that some of the
definitions were unchanged
from the past – but when you
look at the body of
definitions in 202 taken
together (including the new
ones that rely on the old,
unchanged, confusing ones)
they seem open to multiple
interpretations and frankly
get so complex that it’s hard
to describe the rules to
another person – not good from
a standpoint of uniform
applications and compliance.</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:#1F497D"> </span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:#1F497D">I want
to think a bit more about the
simplified definitions just
posted by Geoff, but I much
prefer that kind of approach –
short, simple sentences that
mostly stand on their own, and
make reference to RFCs where
appropriate – to a series of
“nesting”, ever widening
definitions where each depends
on the other.</span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:#1F497D"> </span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div
style="border:none;border-top:solid
#E1E1E1 1.0pt;padding:3.0pt 0in 0in
0in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>From:</b><span
class="apple-converted-space"> </span>Peter Bowen [<a
href="mailto:pzb@amzn.com"
moz-do-not-send="true"><span
style="color:purple">mailto:pzb@amzn.com</span></a>]<span
class="apple-converted-space"> </span><br>
<b>Sent:</b><span
class="apple-converted-space"> </span>Monday,
July 17, 2017 4:56 PM<br>
<b>To:</b><span
class="apple-converted-space"> </span>Kirk
Hall &lt;<a
href="mailto:Kirk.Hall@entrustdatacard.com"
moz-do-not-send="true"><span
style="color:purple">Kirk.Hall@entrustdatacard.com</span></a>&gt;;
CA/Browser Forum Public
Discussion List &lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">public@cabforum.org</span></a>&gt;<br>
<b>Subject:</b><span
class="apple-converted-space"> </span>[EXTERNAL]Re:
[cabfpub] Problems with
Ballot 202<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">On
Jul 17, 2017, at 3:28
PM, Kirk Hall via Public
&lt;<a
href="mailto:public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">public@cabforum.org</span></a>&gt;
wrote:</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Here
are the difficulties I’m
having understanding the
new (very complex)
Ballot 202 definitions
shown below. I can’t
imagine explaining this
to our engineering and
vetting teams, and I
think people will make
mistakes. Assuming
these definitions parse
out, at a bare minimum
we should give easy
examples for each
definition. These are
arranged in a logical
order, not
alphabetically.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">Kirk,</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">Thank
you for the feedback.
I’ve added comments
inline, but one
overarching note is that
many of the definitions
you list are unchanged in
this ballot. In several
of the other cases the
portion of the definition
that seems to be causing
concern is from the
current BRs. I tried hard
to avoid changing
definitions and minimize
changes to existing ones.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Also
– we won’t really know if
these definitions are good
and useful unless we
compare them to the new
text of BR 3.2.2.4, which
defines how we are to do
validation. Last week
when we pulled back Ballot
190 it was to allow Peter
time to tune up the
definition of Authorized
Domain Name in Ballot 190
in the context of BR 3.2.2.4
(so we could remove the
Notes that had been added
to Ballot 190), but to my
surprise, the new
definitions have shown up
in Ballot 202 instead – I
think that’s a mistake. <o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">This
ballot has been in
discussion for months. As
noted below, terms like
“Authorization Domain
Name” are not included in
this ballot; the text
quoted is from the current
BRs and is unmodified.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"
style="margin-bottom:8.0pt;line-height:11.55pt;background:white;background-position:initial
initial;background-repeat:initial
initial">As recently as July 4,
Ben said this Ballot 202 would
cover the following four subjects:
(1) adds dnQualifier as an allowed
attribute for all certificate
types (including DV), (2) adds
ASN.1 info on the EV jurisdiction
attribute types, (3) adds language
to the EV guidelines to clarify
that CAs may limit their aggregate
liabilities, (4) allows
underscores in domain names and
clarifies what can go in common
names. Why did the authors decide
to include changes to crucial
definitions applicable to domain
validation at the same time, but
not allow discussion in a
pre-ballot?<o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">At
this point, Entrust is
inclined to vote no – not
because we necessarily
oppose the ballot’s aims,
but because there are some
questions and no time to
resolve them before voting
starts.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">This
ballot only covers (4). I
would ask that you please
double check the current
BRs to confirm that many
of the definitions are
already present and are
not introduced in the
ballot.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">Here
are our concerns about the
new definitions. Again,
it would be nice to have
more time to discuss, and
not start voting on
Wednesday.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Label:<span
class="apple-converted-space"> </span></b>An
individual component of
a Domain Name. <span
class="apple-converted-space"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">[What
does this mean –
“component”? Is a
period a Domain
Label? A couple of
letters? This seems
circular with the
Domain Name definition
below. Did you mean
“node” and not
“component”? At a
minimum, give examples
– “In<span
class="apple-converted-space"> </span><a
href="http://mail.example.com/" moz-do-not-send="true"><span
style="color:#954F72">mail.example.com</span></a>,
the components are
“mail”, “example”, and
“com”. The period “.”
is not a component,
nor are characters
that are less than a
full node such as
“exa”.]</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">This
is the terminology from
RFC 5890 section 2.2: <b>DNS-Related
Terminology.</b> <span
class="apple-converted-space"> </span>It
is the characters between
periods; the period itself
is not included in the
component. See <a
href="https://tools.ietf.org/html/rfc5890#section-2.2"
moz-do-not-send="true"><span
style="color:purple">https://tools.ietf.org/html/rfc5890#section-2.2</span></a></span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b> </b><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Name: <span
class="apple-converted-space"> </span></b>A
set of one or more Domain
Labels, each separated by
a single full stop
character (".").
Fully-Qualified Domain
Names and Wildcard Domain
Names are Domain Names. <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">[Again,
somewhat circular –
Domain Label says it’s a
component of a Domain
Name, and Domain Name
says it’s made up of
Domain Labels… never
fully defined. </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">Also,
saying that FQDNs and
Wildcard DNs are DNs
might work, but need to
study the rest of the
text. </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">Also,
this definition does not
require a domain name to
end in a gTLD or ccTLD,
so server1.mail
qualifies as a Domain
Name? Might cause
trouble with other
definitions.]</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">You
are correct,
“server1.mail” is a Domain
Name. I’m open to
refining this definition
to avoid the circular
terminology.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Domain
Namespace:</b> <span
class="apple-converted-space"> </span>The
set of all possible Domain
Names that are subordinate
to a single node in the
Domain Name System.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">[Unclear
– “subordinate to a
single node in the
Domain Name System”. So
for<span
class="apple-converted-space"> </span><a
href="http://server1.mail.example.com/" moz-do-not-send="true"><span
style="color:#954F72">server1.mail.example.com</span></a>,
is “com” part of the
Domain Namespace, or
only
server1.mail.example?
Also, you say in the
definition of Domain
Name that an FQDN is a
Domain Name, so under
the Definition of Domain
Namespace, is the entire
FQDN (including .com)
meant to be subordinate
to a single node in the
Domain Name System?
Would that require<span
class="apple-converted-space"> </span><a
href="http://server1.mail.example.com.com/"
moz-do-not-send="true"><span
style="color:#954F72">server1.mail.example.com.</span></a><b><a
href="http://server1.mail.example.com.com/"
moz-do-not-send="true"><span style="color:#954F72">com</span></a></b>,
with the second “.com”
being the single node?</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">In the
example<span
class="apple-converted-space"> </span><a
href="http://server1.mail.example.com/" moz-do-not-send="true"><span
style="color:#954F72">server1.mail.example.com</span></a>,
“server1” and “mail” are
subordinate to
“example”, so does that
mean “server1.mail” is a
Domain Namespace that is
subordinate to the node
“example”?</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">Also –
we never use Domain
Namespace in the rest of
the definitions. Where
is it used, and does
this definition make
sense there?]</span> <o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">This
definition is from the
current BRs and is
unmodified in this ballot.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Fully-Qualified
Domain Name: <span
class="apple-converted-space"> </span></b>A
Domain Name that includes
the Domain Labels of all
superior nodes in the
Internet Domain Name
System.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">[Again
unclear. The reference
to “all superior nodes”
begs the question –
superior to what? A
gTLD or ccTLD? In the
example<span
class="apple-converted-space"> </span><a
href="http://server1.mail.example.com/" moz-do-not-send="true"><span
style="color:#954F72">server1.mail.example.com</span></a>,
is
“server1.mail.example”
itself an FQDN, because
it includes all
“superior nodes” to
.com? Or did you mean
to include .com as well
to make it an FQDN?]</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">This
definition is from the
current BRs and is
unmodified in this ballot.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b> </b><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Wildcard
Domain Name:</b><span
class="apple-converted-space"> </span>A
Domain Name consisting of
a single asterisk
character ("*") followed
by a single full stop
character (".") followed
by a Fully-Qualified
Domain Name.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">[This
is confusing because it
starts with Domain Name,
then talks about an FQDN
– the “*” itself doesn’t
turn a Domain Name into
an FQDN so why are you
using both terms? ]</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">Yes,
a Wildcard Domain Name is
a type of Domain Name. It
is made up of “*.” + a
FQDN. For example “*.<a
href="http://blogspot.com/"
moz-do-not-send="true"><span
style="color:purple">blogspot.com</span></a>”
or “*.<a
href="http://signin.aws.amazon.com/"
moz-do-not-send="true"><span
style="color:purple">signin.aws.amazon.com</span></a>”</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Base
Domain Name:</b><span
class="apple-converted-space"> </span>The
portion of an applied-for
Domain Name that is the
first domain name node
left of a
registry-controlled or
public suffix plus the
registry-controlled or
public suffix (e.g. "<a
href="http://example.co.uk/"
moz-do-not-send="true"><span
style="color:#954F72">example.co.uk</span></a>"
or "<a
href="http://example.com/"
moz-do-not-send="true"><span
style="color:#954F72">example.com</span></a>").<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">For
Domain Names where the
right-most domain name
node is a gTLD having
ICANN Specification 13 in
its registry agreement,
the gTLD itself may be
used as the Base Domain
Name.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">[Ballot
190 stripped out
“requested” in front of
FQDN wherever it
existed, as it seems to
get into a CA’s business
processes – what the
customer requests, as
opposed to a domain the
CA decides to validate -
and adds nothing but
confusion. I recall
discussion that used the
word “requested” to
limit what a CA could do
– e.g., using
“requested” might limit
CA so they could only
verify an FQDN the
customer “requested” (<a
href="http://server1.mail.example.com/" moz-do-not-send="true"><span
style="color:#954F72">server1.mail.example.com</span></a>)
and not the FQDN the CA
wanted to verify to fill
the customer’s order (<a
href="http://example.com/" moz-do-not-send="true"><span
style="color:#954F72">example.com</span></a>).
Now we see the words
“applied for” – take it
out, it’s not relevant
and could restrict what
CAs can do.]</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">This
definition is from the
current BRs and is
unmodified in this ballot.
We can change it in
Ballot 190, as you
suggest, but I don’t think
modifying it in this
ballot makes sense.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"><br>
<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</div>
</div>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><b>Authorization
Domain Name:</b><span
class="apple-converted-space"> </span>The
Domain Name used to obtain<span
class="apple-converted-space"> </span><span style="background:yellow">authorization</span><span
class="apple-converted-space"> </span>for certificate issuance for a
given Domain Name.<span
class="apple-converted-space"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">The
CA may use the FQDN
returned from a DNS CNAME
lookup as the Domain Name
for the purposes of domain
validation.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">If
the Domain Name is a
Wildcard Domain Name, then
the CA MUST remove “*.”
from the left most portion
of<span
class="apple-converted-space"> </span><span
style="background:yellow">requested</span> Domain Name.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white">The
CA may prune zero or more
labels from left to right
until encountering a Base
Domain Name and may use
any one of the
intermediate values for
the purpose of domain
validation.<o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">[First,
the word “authorization”
does not seem correct –
validation (used in BR
3.2.2.4) might make more
sense. A simple WhoIs
lookup by itself doesn’t
seem like authorization,
only validation of a
request.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">The
first sentence is
somewhat circular by
using Domain Name twice
in one sentence. The
Domain Name used… for a
given Domain Name. ??</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">Assuming
that server1.mail is a
Domain Name, can it be
an Authorization Domain
Name for something?</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">The
second sentence again
goes from FQDN to Domain
Name – not clear why.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">The
third sentence again
talks about the
“requested Domain Name”
– requested by the
customer? Please remove
“requested”. Also, why
are you saying the *
must be removed – do you
mean to add something at
the end of the sentence
like “before the
validation is obtained”,
or “before a certificate
is issued”, or..? I
don’t understand the
purpose of this sentence
in this definition.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div style="margin-left:.5in">
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="color:red">The
final sentence is
unclear as to what
domain name is being
pruned – the
Authorization Domain
Name? (The sentence is
in that definition.) Or
is the requested domain
name being pruned
(probably). This might
be one place where it
makes sense to use
“requested” simply to
show a CA can choose to
prune and then validate
what’s left. But why is
this rule in the
definition of
Authorization Domain
Name? Shouldn’t it be
in BR 3.2.2.4 itself?]</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</blockquote>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">Authorization
Domain Name is already
defined in the current
BRs. The current
definition in the BRs is:</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">"The
Domain Name used to obtain
authorization for
certificate issuance for a
given FQDN. The CA may use
the FQDN returned from a
DNS CNAME lookup as the
FQDN for the purposes of
domain validation. If the
FQDN contains a wildcard
character, then the CA
MUST remove all wildcard
labels from the left most
portion of requested FQDN.
The CA may prune zero or
more labels from left to
right until encountering a
Base Domain Name and may
use any one of the
intermediate values for
the purpose of domain
validation."</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">The
term “authorization” is in
the current BRs and is
unmodified. The term
“requested” is in the
current BRs and is
unmodified. The third
sentence is almost
identical to the existing
language but says “*.”
instead of “wildcard
labels”. The last
sentence is unmodified
from the current BRs.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">I
appreciate that some of
the existing language
could use improvement, but
the objective of Ballot
202 is not to clean up
every issue in the BRs.
We still have Ballot 190
to go and we can have
further changes in future
ballots. I tried hard to
keep the scope of Ballot
202 constrained, and I
hope the above
explanations help
demonstrate the
constrained nature.</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt"> </span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">Thanks,</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><span
style="font-size:12.0pt">Peter</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<div>
<div>
<p class="MsoNormal"
style="background:white"><br>
<br>
<br>
<br>
<o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white">_______________________________________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org"
moz-do-not-send="true"><span
style="color:purple">Public@cabforum.org</span></a><br>
<a
href="https://cabforum.org/mailman/listinfo/public"
moz-do-not-send="true"><span
style="color:purple">https://cabforum.org/mailman/listinfo/public</span></a><o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
<div>
<p class="MsoNormal" style="background:white"> <o:p></o:p></p>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
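<p>The definitions quoted in this thread, worked through as an added Python example (not part of any message in the thread, the ballot, or the Baseline Requirements): it splits a Domain Name into Domain Labels, finds the Base Domain Name, and lists the Authorization Domain Name candidates obtained by removing "*." and pruning labels from left to right. The function names and the three-entry suffix set are assumptions made for the example; returning no candidates when no suffix matches is the example's own choice, since the thread leaves that case open.</p>

```python
# Added illustration: not text or code from the ballot or the Baseline Requirements.
# SAMPLE_SUFFIXES is a constructed stand-in for a registry-controlled/public suffix list.
SAMPLE_SUFFIXES = frozenset({"com", "uk", "co.uk"})


def domain_labels(name):
    """Domain Labels of a Domain Name: the characters between full stops.

    Rejects empty labels (leading, trailing or doubled "."), since the
    definition speaks of labels "each separated by a single full stop".
    """
    labels = name.split(".")
    if any(label == "" for label in labels):
        raise ValueError(f"empty Domain Label in {name!r}")
    return labels


def base_domain_name(name, suffixes=SAMPLE_SUFFIXES):
    """First label left of the longest matching suffix, plus that suffix.

    Returns None when no suffix matches (e.g. "server1.mail") or when the
    name is itself a suffix, so there is no label to its left. The ICANN
    Specification 13 exception in the definition is not modelled here.
    """
    labels = domain_labels(name.lower())
    for i in range(len(labels)):  # i = 0 tries the longest candidate suffix
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def authorization_domain_names(requested, suffixes=SAMPLE_SUFFIXES):
    """Candidate names for domain validation of `requested`, in pruning order.

    Step 1: a leading "*." is removed. Step 2: zero or more labels are pruned
    from the left, stopping at the Base Domain Name. Assumption of this
    example: with no Base Domain Name there are no candidates.
    """
    name = requested.lower()
    if name.startswith("*."):
        name = name[2:]
    if "*" in name:
        raise ValueError(f"asterisk outside a leading '*.' in {requested!r}")
    base = base_domain_name(name, suffixes)
    if base is None:
        return []
    labels = domain_labels(name)
    keep = len(base.split("."))  # number of labels in the Base Domain Name
    return [".".join(labels[i:]) for i in range(len(labels) - keep + 1)]


if __name__ == "__main__":
    # Names taken from the thread's own examples.
    for sample in ("server1.mail.example.com", "*.signin.aws.amazon.com",
                   "example.co.uk", "server1.mail"):
        print(sample, "->", authorization_domain_names(sample))
```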
</body>
</html>