[cabfpub] Refinement of gTLD requirements

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Thu Jan 30 15:32:04 MST 2014


On 01/30/2014 08:50 PM, From Rick Andrews:
>
> “Within 120 days after the delegation from the public DNS root for a 
> new gTLD (as indicated by either one of the two URLs below), CAs MUST 
> revoke each Certificate containing a Domain Name that includes the new 
> gTLD unless the Subscriber is either the Domain Name Registrant or can 
> demonstrate control over the Domain Name.
> _http://newgtlds.icann.org/en/program-status/delegated-strings_
> _https://data.iana.org/TLD/tlds-alpha-by-domain.txt_”
> I welcome your comments.

Honestly I believe CAs should immediately refrain from issuing anything 
accept TLDs that have been approved by ICANN and try to reduce/replace 
existing certificates as much as possible.

No matter how you turn it, it's messy and risky for the CAs no matter 
which requirement is cooked up and dangerous for the relying parties.


Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20140131/b830b185/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
Url : https://cabforum.org/pipermail/public/attachments/20140131/b830b185/attachment.bin 


More information about the Public mailing list