[cabfpub] Proposal for change of definition of Internal Server Name in the BRs

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Thu Mar 13 16:15:44 UTC 2014

Gerv - the current definition of ISN (and prohibition under BR 9.2.1) is flawed, as it could include certs for FQDNs that are not used on the public internet -- which was not our intent.  Here's the current definition: "Internal Server Name: A Server Name (which may or may not include an Unregistered Domain Name) that is not resolvable using the public DNS."

We're trying to change this so "ISN" now means a server name that's not registered in WhoIs, etc.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Thursday, March 13, 2014 8:08 AM
To: ben at digicert.com; Kirk Hall (RD-US); 'Ryan Sleevi'
Cc: 'CABFPub'
Subject: Re: [cabfpub] Proposal for change of definition of Internal Server Name in the BRs

On 09/03/14 04:48, Ben Wilson wrote:
> As noted in an earlier email, this draft will become Ballot 112.

Remind us of the goal of this change?

> Proposal 1 - Internal Name:  A non-IP-Address Common Name or Subject 
> Alternative Name not ending in a TLD registered in the Root Zone.

Is this definition, or others which refer to the Root Zone, going to interact badly with the point that for revocation purposes we are treating TLDs for which a contract has been signed, but which are not yet in the Root Zone, as actual TLDs?

> Proposal 2 - Internal Name:  A string of characters (not an IP 
> address) that is located in a Common Name or Subject Alternative Name 
> field of a Certificate that is incapable of being verified as globally 
> unique within the DNS at the time of certificate issuance because it 
> does not end with a Top Level Domain registered in IANA’s Root Zone Database.

2 seems a wordier version of 1; if the above problem is not a problem, I think either is OK.

