[cabfpub] EV Wildcards

Ryan Sleevi sleevi at google.com
Fri Mar 20 14:08:10 UTC 2015


On Mar 20, 2015 6:53 AM, "Rob Stradling" <rob.stradling at comodo.com> wrote:
>
> On 20/03/15 13:26, Ryan Sleevi wrote:
> <snip>
>
>> Whether or not this defeats the point of EV is another matter, and is
>> perhaps a subjective evaluation. However, as it stands, EV has never
>> worked as you describe, so it is entirely consistent to allow wildcards.
>
>
> Ryan, if EV wildcards become permitted, would you reconsider your view
> that the 6962-bis name redaction mechanism is not suitable for EV?
>

As mentioned during the F2F, our concern regarding name redaction was
indeed related to the impermissibility of wildcards for EV. So yes, if the
Forum moved to allow them, we'd be happy to revisit this on Chrome's
ct-policy list for discussion.

That said, on the topic of name redaction, there is nothing preventing
clients/user agents/relying parties from submitting certificates they
encounter towards logs, so the benefits of name redaction do need to be
carefully considered here as to what goals it accomplishes or can
guarantee. But that's more of a question for the IETF TRANS wg.