[cabfpub] Section 9.2.3 modification
Geoff Keating
geoffk at apple.com
Thu May 23 21:14:05 UTC 2013
On 23/05/2013, at 1:13 pm, jeremy rowley <jeremy.rowley at digicert.com> wrote:
> Since my position is that the applicant/subscriber is essentially unknown
> for a DV Cert, I still disagree with your analysis regarding the subject of
> a DV certificate. However, I do agree that Geoff's proposed language is
> more clear and precise. Therefore, my new proposed motion is as follows:
>
> ---Motion Begins----
>
> Replace Section 9.2.3 with the following:
>
> Certificate Field: subject:domainComponent (OID 0.9.2342.19200300.100.1.25)
> Required/Optional: Optional.
> Contents: If present, this field MUST contain a label from a Domain Name.
> The domainComponent fields for each Domain Name MUST be in a single ordered
> sequence containing all labels from the Domain name. The labels MUST be
> encoded in the reverse order to the on-wire representation of domain names
> in the DNS protocol, so that the label closest to the root is encoded first.
> The CA MUST ensure that the certificate is issued with the consent of, and
> according to procedures established by, the owner of each Domain Name.
>
> -----Motion Ends-----
>
> Goeff - since this is your language, would you care to endorse?
Sure!
(To the best of my knowledge, nothing in Apple's code does anything with a DC other than display it, except for LDAP.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4316 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130523/88bb9728/attachment-0001.p7s>
More information about the Public
mailing list