[cabfpub] Section 9.2.3 modification

Geoff Keating geoffk at apple.com
Thu May 23 21:14:05 UTC 2013

On 23/05/2013, at 1:13 pm, jeremy rowley <jeremy.rowley at digicert.com> wrote:

> Since my position is that the applicant/subscriber is essentially unknown
> for a DV Cert, I still disagree with your analysis regarding the subject of
> a DV certificate.  However,  I do agree that Geoff's proposed language is
> more clear and precise.  Therefore, my new proposed motion is as follows:
> ---Motion Begins----
> Replace Section 9.2.3 with the following:
> Certificate Field:  subject:domainComponent (OID 0.9.2342.19200300.100.1.25)
> Required/Optional:  Optional.  
> Contents: If present, this field MUST contain a label from a Domain Name.
> The domainComponent fields for each Domain Name MUST be in a single ordered
> sequence containing all labels from the Domain name.  The labels MUST be
> encoded in the reverse order to the on-wire representation of domain names
> in the DNS protocol, so that the label closest to the root is encoded first.
> The CA MUST ensure that the certificate is issued with the consent of, and
> according to procedures established by, the owner of each Domain Name.
> -----Motion Ends-----
> Goeff - since this is your language, would you care to endorse?


(To the best of my knowledge, nothing in Apple's code does anything with a DC other than display it, except for LDAP.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4316 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20130523/88bb9728/attachment-0001.p7s>

More information about the Public mailing list