[cabfpub] Ballot 169 - Revised Validation Requirements

Peter Bowen pzb at amzn.com
Thu Jul 28 15:33:28 UTC 2016 

> On Jul 22, 2016, at 11:25 AM, Ryan Sleevi <sleevi at google.com> wrote:
> 
> Regrettably, despite multiple readings throughout this, I appear to have missed some things in the definitions.
> 
> I'm mostly hoping for clarification, as it might simply be wording issues that can be corrected without changing the substance or intent of the ballot.
> 
> On Fri, Jul 22, 2016 at 11:06 AM, Ben Wilson <ben.wilson at digicert.com> wrote:
>  
> Base Domain Name: The portion of an applied-for FQDN that is the first domain name node left of a registry-controlled or public suffix plus the registry-controlled or public suffix (e.g. "example.co.uk" or "example.com"). For gTLDs, the domain www.[gTLD] will be considered to be a Base Domain.
> 
> 
> Why the "For gTLDs" clause? Is "www.[gTLD]" reserved by ICANN? Is this meant as a clause for Spec-13 situations? For example, as I read it, if Google wanted to get a certificate for "foo.google", the combined definition of "Authorization Domain Name" and "Base Domain Name" would potentially prohibit this - that is, as worded, it suggests "For gTLDs" is mutually exclusive with the preceding sentence.
> 
> I'm unclear if this was meant to be "will also be" - but if so, it's unclear why the gTLD case isn't handled previously. Is it meant to permit the WHOIS lookups for such spec-13 gTLDs? If so, it would only be necessary if you're applying for a bare certificate (either "*.[gTLD]" or [gTLD], and the latter is either prohibited or strongly-discouraged per ICANN SSAC on single-label hosts)
> 
> QUESTION: Can someone explain the context/intent of this clause?
> SUGGESTION: Can this clause be removed? Would the addition of the word "also" change the semantic meaning or interpretation?

You are correct that the second sentence is confusing and unnecessary.  I would propose that the definition be changed to read:

"Base Domain Name: The portion of an applied-for FQDN that is the first domain name node left of a registry-controlled or public suffix plus the registry-controlled or public suffix (e.g. "example.co.uk" or "example.com"). For FQDNs where the right most domain name node is a gTLD having ICANN specification 13 in its registry agreement, gTLD itself may be used as the base domain name."

Thanks,
Peter

More information about the Public mailing list