[cabfpub] Ballot 112 - Replace Definition of "Internal Server Name" with "Internal Name"
sleevi at google.com
Fri Mar 21 07:34:45 MST 2014
On Mar 21, 2014 3:17 AM, "Gervase Markham" <gerv at mozilla.org> wrote:
> On 20/03/14 18:39, Ben Wilson wrote:
> > 1. REPLACE the Definition of "Internal Server Name" in the Baseline
> > Requirements by DELETING the current definition and INSERTING the
> > Internal Name: A string of characters (not an IP address) in a Common
> > Name or Subject Alternative Name field of a Certificate that cannot be
> > verified as globally unique within the public DNS at the time of
> > certificate issuance because it does not end with a Top Level Domain
> > registered in IANA’s Root Zone Database.
> I notice this says "registered". Is it the intent of this motion to
> change the conditions surrounding the revocation of
> previously-Internal-Name certificates which happen to end with new
> gTLDs, such that instead of having to start that process at contract
> signing time, the process now starts at root zone insertion time?

No. That ballot is deferred.

The goal is to clarify that if an applicant applies for
myhost.corp.example.com, where corp.example.com is NOT resolvable via the
public DNS (e.g., due to using a split horizon DNS config), CAs can still
issue because example.com IS registerable and can be validated to be under
the applicant's control.

Under the current terminology, "myhost.corp.example.com" is seen the same
as "myhost.somerandomundelegatedtld", even though the risks and concerns
are not the same.
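
The distinction drawn in the message above, as an added example (not part of the original email or the ballot text): under the proposed definition a name is classified by its rightmost label against the root zone, not by whether it resolves in the public DNS. The TLD set below is a constructed subset, and the function names are hypothetical.

```python
import ipaddress

# Constructed subset of the root zone, for illustration only. A real check
# would load the current list IANA publishes (tlds-alpha-by-domain.txt).
SAMPLE_ROOT_ZONE_TLDS = {"com", "org", "net", "uk"}


def classify_name(name, root_zone_tlds=SAMPLE_ROOT_ZONE_TLDS):
    """Classify a CN/SAN string per the proposed "Internal Name" definition.

    Returns "ip-address", "internal-name" or "public-name". Public DNS
    resolvability is deliberately not consulted: a split-horizon name under
    a registered domain still ends with a root-zone TLD.
    """
    candidate = name.strip().rstrip(".").lower()
    if not candidate:
        raise ValueError("empty name")

    # The definition excludes IP addresses from "Internal Name".
    try:
        ipaddress.ip_address(candidate)
        return "ip-address"
    except ValueError:
        pass

    # Only the rightmost label decides: is it a TLD in the root zone?
    tld = candidate.rsplit(".", 1)[-1]
    return "public-name" if tld in root_zone_tlds else "internal-name"


def internal_names(names, root_zone_tlds=SAMPLE_ROOT_ZONE_TLDS):
    """Return the names in a request that fall under the definition."""
    return [n for n in names
            if classify_name(n, root_zone_tlds) == "internal-name"]


if __name__ == "__main__":
    # Constructed sample request, using the two names from the message.
    for n in ["myhost.corp.example.com", "myhost.somerandomundelegatedtld",
              "mailserver", "192.0.2.10"]:
        print(f"{n:35} {classify_name(n)}")
```

A "public-name" result only means the name ends with a root-zone TLD; the CA still has to validate that the registrable domain is under the applicant's control.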