[cabfpub] Section 9.2.3 modification

Jeremy Rowley jeremy.rowley at digicert.com
Thu May 23 21:38:27 UTC 2013

Thanks Geoff.  Robin, do you still endorse this ballot?


-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Geoff Keating
Sent: Thursday, May 23, 2013 3:14 PM
To: jeremy.rowley at digicert.com; Rowley
Subject: Re: [cabfpub] Section 9.2.3 modification

On 23/05/2013, at 1:13 pm, jeremy rowley <jeremy.rowley at digicert.com> wrote:

> Since my position is that the applicant/subscriber is essentially 
> unknown for a DV Cert, I still disagree with your analysis regarding 
> the subject of a DV certificate.  However,  I do agree that Geoff's 
> proposed language is more clear and precise.  Therefore, my new proposed
motion is as follows:
> ---Motion Begins----
> Replace Section 9.2.3 with the following:
> Certificate Field:  subject:domainComponent (OID 
> 0.9.2342.19200300.100.1.25)
> Required/Optional:  Optional.  
> Contents: If present, this field MUST contain a label from a Domain Name.
> The domainComponent fields for each Domain Name MUST be in a single 
> ordered sequence containing all labels from the Domain name.  The 
> labels MUST be encoded in the reverse order to the on-wire 
> representation of domain names in the DNS protocol, so that the label
closest to the root is encoded first.
> The CA MUST ensure that the certificate is issued with the consent of, 
> and according to procedures established by, the owner of each Domain Name.
> -----Motion Ends-----
> Goeff - since this is your language, would you care to endorse?


(To the best of my knowledge, nothing in Apple's code does anything with a
DC other than display it, except for LDAP.)

More information about the Public mailing list