[cabfpub] Section 9.2.3 modification
Jeremy Rowley
jeremy.rowley at digicert.com
Thu May 23 21:38:27 UTC 2013
Thanks Geoff. Robin, do you still endorse this ballot?
Jeremy
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Geoff Keating
Sent: Thursday, May 23, 2013 3:14 PM
To: jeremy.rowley at digicert.com; Rowley
Cc: CABFPub
Subject: Re: [cabfpub] Section 9.2.3 modification
On 23/05/2013, at 1:13 pm, jeremy rowley <jeremy.rowley at digicert.com> wrote:
> Since my position is that the applicant/subscriber is essentially
> unknown for a DV Cert, I still disagree with your analysis regarding
> the subject of a DV certificate. However, I do agree that Geoff's
> proposed language is more clear and precise. Therefore, my new proposed
motion is as follows:
>
> ---Motion Begins----
>
> Replace Section 9.2.3 with the following:
>
> Certificate Field: subject:domainComponent (OID
> 0.9.2342.19200300.100.1.25)
> Required/Optional: Optional.
> Contents: If present, this field MUST contain a label from a Domain Name.
> The domainComponent fields for each Domain Name MUST be in a single
> ordered sequence containing all labels from the Domain name. The
> labels MUST be encoded in the reverse order to the on-wire
> representation of domain names in the DNS protocol, so that the label
closest to the root is encoded first.
> The CA MUST ensure that the certificate is issued with the consent of,
> and according to procedures established by, the owner of each Domain Name.
>
> -----Motion Ends-----
>
> Goeff - since this is your language, would you care to endorse?
Sure!
(To the best of my knowledge, nothing in Apple's code does anything with a
DC other than display it, except for LDAP.)
More information about the Public
mailing list