[cabfpub] Section 9.2.3 modification

Robin Alden robin at comodo.com
Fri May 24 02:37:30 MST 2013


Jeremy,
	I endorse it.
I think it's a step in the right direction to match current practice
with regard to issuance of grid certificates.

Regards
Robin Alden
Comodo


> -----Original Message-----
> From: Jeremy Rowley [mailto:jeremy.rowley at digicert.com]
> Sent: 23 May 2013 22:38
> To: robin at comodo.com
> Cc: 'CABFPub'
> Subject: RE: [cabfpub] Section 9.2.3 modification
> 
> Thanks Geoff.  Robin, do you still endorse this ballot?
> 
> Jeremy
> 
> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-
> bounces at cabforum.org] On Behalf Of Geoff Keating
> Sent: Thursday, May 23, 2013 3:14 PM
> To: jeremy.rowley at digicert.com; Rowley
> Cc: CABFPub
> Subject: Re: [cabfpub] Section 9.2.3 modification
> 
> 
> On 23/05/2013, at 1:13 pm, jeremy rowley
> <jeremy.rowley at digicert.com> wrote:
> 
> > Since my position is that the applicant/subscriber is essentially
> > unknown for a DV Cert, I still disagree with your analysis regarding
> > the subject of a DV certificate.  However,  I do agree that Geoff's
> > proposed language is more clear and precise.  Therefore, my new
> > proposed
> motion is as follows:
> >
> > ---Motion Begins----
> >
> > Replace Section 9.2.3 with the following:
> >
> > Certificate Field:  subject:domainComponent (OID
> > 0.9.2342.19200300.100.1.25)
> > Required/Optional:  Optional.
> > Contents: If present, this field MUST contain a label from a Domain
> Name.
> > The domainComponent fields for each Domain Name MUST be in a
> single
> > ordered sequence containing all labels from the Domain name.  The
> > labels MUST be encoded in the reverse order to the on-wire
> > representation of domain names in the DNS protocol, so that the
label
> closest to the root is encoded first.
> > The CA MUST ensure that the certificate is issued with the consent
of,
> > and according to procedures established by, the owner of each Domain
> Name.
> >
> > -----Motion Ends-----
> >
> > Goeff - since this is your language, would you care to endorse?
> 
> Sure!
> 
> (To the best of my knowledge, nothing in Apple's code does anything
> with a DC other than display it, except for LDAP.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5246 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20130524/5c8f9d50/attachment-0001.bin 


More information about the Public mailing list