[cabfpub] Refinement of gTLD requirements

Gervase Markham gerv at mozilla.org
Thu Feb 6 13:46:04 UTC 2014

On 31/01/14 21:55, Ryan Sleevi wrote:
> I would expect you to at least be re-issuing the certificate, since the
> original certificate's domain validation procedures clearly failed the
> requirements of 11.1.1 with respect to the "new" gTLD, and I would still
> expect the previous certificate to be revoked.


Are you sure about this? My understanding was that we were attempting to
create a safe overlap so that such certificates would not all need to be

As an example, if BigCorp had an internal network which used ".bigcorp",
and if they were to succeed in getting ".bigcorp" (indeed, this could be
the sole reason they forked out $300K to get it, to avoid the 2015
internal-certocalypse), then we would not want every certificate they
are using internally, which may number in the thousands, to have to be
revoked and reissued (potentially, bit-for-bit identically).


More information about the Public mailing list