<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>That one, and the related ones Ryan mentioned. It’s a fun one. Thanks for digging it up.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-Tim<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Corey Bonnell [mailto:CBonnell@trustwave.com] <br><b>Sent:</b> Thursday, May 24, 2018 10:58 AM<br><b>To:</b> Tim Hollebeek <tim.hollebeek@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>; Ryan Sleevi <sleevi@google.com><br><b>Subject:</b> Re: [cabfpub] Question about CN and SAN encoding<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi Tim,<o:p></o:p></p><p class=MsoNormal>Are you referring to this bug that was discovered last year? <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838">https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><div><p class=MsoNormal><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p><div><p class=MsoNormal><b><span style='font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5'>Corey Bonnell</span></b><span style='font-size:10.5pt;color:#428FC5'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Arial",sans-serif;color:gray'>Senior Software Engineer</span><span style='font-size:10.5pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Arial",sans-serif;color:gray'>t: +1 412.395.2233</span><span style='font-size:10.5pt;color:black'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;color:black'><o:p> </o:p></span></p></div></div><p class=MsoNormal><b><span style='font-size:10.5pt;font-family:"Arial",sans-serif;color:#428FC5'>Trustwave</span></b><b><span style='font-size:10.5pt;font-family:"Arial",sans-serif;color:gray'> </span></b><span style='font-size:10.5pt;font-family:"Arial",sans-serif;color:gray'>| SMART SECURITY ON DEMAND<a href="http://www.trustwave.com/"><span style='color:gray;text-decoration:none'><br>www.trustwave.com</span></a></span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>Public <<a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>> on behalf of Tim Hollebeek via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><b>Reply-To: </b>Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>>, CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><b>Date: </b>Wednesday, May 23, 2018 at 1:57 PM<br><b>To: </b>Ryan Sleevi <<a href="mailto:sleevi@google.com">sleevi@google.com</a>><br><b>Cc: </b>CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><b>Subject: </b>Re: [cabfpub] Question about CN and SAN encoding<o:p></o:p></span></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>I agree. The ballot is not affected at all (it wasn’t mentioned in the first two sentences).<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>I believe your first two sentences are correct with respect to current versions of major browsers, but need a small caveat w.r.t. older versions of Firefox.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Corey can correct me if I’m wrong, but I was thinking of the Firefox display bugs we stumbled on when he found some spoofing issues with respect to display of xn-- domain components in Firefox. Older versions of Firefox (circa last year?) had some errors in their logic.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Like I said, they’re pretty minor, but worth noting.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>-Tim<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Ryan Sleevi [<a href="mailto:sleevi@google.com">mailto:sleevi@google.com</a>] <br><b>Sent:</b> Wednesday, May 23, 2018 11:15 AM<br><b>To:</b> Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com">tim.hollebeek@digicert.com</a>><br><b>Cc:</b> CA/Browser Forum Public Discussion List <<a href="mailto:public@cabforum.org">public@cabforum.org</a>>; García Jimeno, Oscar <<a href="mailto:o-garcia@izenpe.eus">o-garcia@izenpe.eus</a>><br><b>Subject:</b> Re: [cabfpub] Question about CN and SAN encoding<o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal>On Wed, May 23, 2018 at 11:06 AM, Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" target="_blank">tim.hollebeek@digicert.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>With regards to the first two sentences, Firefox had some bugs in this area pretty recently, so if you aren’t on the latest version, you might experience issues. They were relatively minor, though.<o:p></o:p></p></div></div></blockquote><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Could you provide a citation for this? I actually carefully watch all of those changes, and am not aware of any recent bugs that would overlap with the ballot or question. It's possible that you're referring to the logic for when A-Label to U-Labels are displayed, but that, if anything, is a very clear argument in favor of Ballot 202, and against U-Labels within CNs.<o:p></o:p></p></div></div><div><p class=MsoNormal> <o:p></o:p></p></div></div></div></div></div></div></body></html>