[cabfpub] Proposal for change of definition of Internal Server Name in the BRs

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Wed Dec 18 11:20:51 MST 2013


Ben, can you prepare a draft ballot incorporating all these changes?  We will be an endorser.

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Wednesday, December 18, 2013 12:47 PM
To: ben at digicert.com
Cc: Kirk Hall (RD-US); CABFPub
Subject: RE: [cabfpub] Proposal for change of definition of Internal Server Name in the BRs


Works for me, with a suitable definition of Registered Domain Name.
On Dec 18, 2013 9:45 AM, "Ben Wilson" <ben at digicert.com> wrote:
I would prefer that we distinguish between a domain namespace (which is registered) and the server name (which either includes or does not include a registered domain name).  So “internal server name” could be defined as, “a name that does not include a Registered Domain Name, determined at the time of certificate issuance.”

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of kirk_hall at trendmicro.com
Sent: Wednesday, December 18, 2013 8:14 AM
To: Ryan Sleevi
Cc: CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] Proposal for change of definition of Internal Server Name in the BRs

Thanks, Ryan.  So if I understand correctly, the modified language to consider is shown below – correct?

Does anyone object to making these changes?  If not, I’ll propose this in a ballot:


Internal Server Name: A Server Name that is an Unregistered Domain Name.


Registered Domain Name: A Domain Name that contains as the final level a valid domain according to the IANA Root Zone Database.  For domains that end in a gTLD, the Domain Name MUST be registered with an ICANN-accredited Registrar that is authorized to register domains with the ICANN-assigned gTLD Registry Operator (or an Affiliate or subcontractor thereof engaged in providing Registry Services).  For domains that end in a country-code or sponsored TLD, the Domain Name MUST be registered with a duly-authorized entity recognized by the Sponsoring Organization of the appropriate ccTLD.  No other forms of Root Zones are permitted to appear within a Registered Domain Name.



[Unregistered Domain Name: A Domain Name that is not a Registered Domain Name.]

As a reminder, right now, the definition for an ISN is as follows:

Internal Server Name: A Server Name (which may or may not include an Unregistered Domain Name) that is not resolvable using the public DNS.

[There is no definition of Server Name in the BRs.]

[Registered Domain Name: A Domain Name that has been registered with a Domain Name Registrar.]

[Unregistered Domain Name: A Domain Name that is not a Registered Domain Name.]




From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Tuesday, December 17, 2013 3:10 PM
To: Kirk Hall (RD-US)
Cc: Gervase Markham; CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] Proposal for change of definition of Internal Server Name in the BRs



On Tue, Dec 17, 2013 at 9:24 AM, kirk_hall at trendmicro.com <kirk_hall at trendmicro.com> wrote:

So would it work to amend the definition of ISN and of Registered Domain Name to read as follows?



Internal Server Name: A Server Name that is an Unregistered Domain Name.



Registered Domain Name: A Domain Name that has been registered with an ICANN-assigned  Domain Name Registrar.



[Unregistered Domain Name: A Domain Name that is not a Registered Domain Name.]



Looks like we're mixing top and bottom posts again.

I tried to make a distinction between Registry (that is, a party duly recognized and contracted with ICANN to a TLD within the valid list maintained by IANA) and a Registrar (an ICANN-accredited organization to interact with registrants).

The goal of the wording should be two-fold:
1) Ensure that Registered Domain Names means it is a name that is a valid TLD according to IANA
2) Ensure that the domain has been registered by a registrant with an ICANN-accredited registrar, for

For what it's worth, here's the definition of "Registered Name" taken from the ICANN 2013 Registrar Accreditation Agreement  ( http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm )

"
1.11 "gTLD" or "gTLDs" refers to the top-level domain(s) of the DNS delegated by ICANN pursuant to a registry agreement that is  in full force and effect, other than any country code TLD (ccTLD) or internationalized domain name (IDN) country code TLD.

<snip>

1.15 "Registered Name" refers to a domain name within the domain of a gTLD, whether consisting of two (2) or more (e.g., john.smith.name) levels, about which a gTLD Registry Operator (or an Affiliate or subcontractor thereof engaged in providing Registry Services) maintains data in a Registry Database, arranges for such maintenance, or derives revenue from such maintenance. A name in a Registry Database may be a Registered Name even though it does not appear in a zone file (e.g., a registered but inactive name).

1.16 "Registered Name Holder" means the holder of a Registered Name.

1.17 The word "registrar," when appearing without an initial capital letter, refers to a person or entity that contracts with Registered Name Holders and with a Registry Operator and collects registration data about the Registered Name Holders and submits registration information for entry in the Registry Database."


The above language doesn't quite handle the ccTLD case, but the IANA Root Zone Database does cover these - http://www.iana.org/domains/root/db

Sorry for the nit-picking here, but I am hoping to avoid future questions.

"Registered Domain Name: A Domain Name that contains as the final level a valid domain according to the IANA Root Zone Database. For domains that end in a gTLD, the Domain Name MUST be registered with an ICANN-accredited Registrar that is authorized to register domains with the ICANN-assigned gTLD Registry Operator (or an Affiliate or subcontractor thereof engaged in providing Registry Services). For domains that end in a country-code or sponsored TLD, the Domain Name MUST be registered with a duly-authorized entity recognized by the Sponsoring Organization of the appropriate ccTLD. No other forms of Root Zones are permitted to appear within a Registered Domain Name."

I realize this is a significant expansion on the original language, and may be best suited by multiple additions to the glossary (to cover generic TLD, country-code TLD, and sponsored TLD), and while it should be plainly obvious as common sense, it avoids any ambiguity - and avoids any risk of alternate registries being used and there being naming collisions.




TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential
and may be subject to copyright or other intellectual property protection.
If you are not the intended recipient, you are not authorized to use or
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.



