[cabfpub] Ballot 169 - Revised Validation Requirements

Ben Wilson ben.wilson at digicert.com
Thu Jul 28 15:52:10 UTC 2016


Would the sponsor (Jeremy) and endorsers (Tim and Doug) accept Peter's
proposal as a friendly amendment before the review period ends tomorrow?
Also, would they accept my proposed amendment to the definition of "Test
Certificate"?  If so, then we can amend the ballot for these two issues
before voting starts tomorrow afternoon.
Cheers,
Ben

-----Original Message-----
From: Peter Bowen [mailto:pzb at amzn.com] 
Sent: Thursday, July 28, 2016 9:33 AM
To: Ryan Sleevi <sleevi at google.com>; Ben Wilson <ben.wilson at digicert.com>;
CABFPub <public at cabforum.org>
Subject: Re: [cabfpub] Ballot 169 - Revised Validation Requirements


> On Jul 22, 2016, at 11:25 AM, Ryan Sleevi <sleevi at google.com> wrote:
>
> Regrettably, despite multiple readings throughout this, I appear to have
> missed some things in the definitions.
>
> I'm mostly hoping for clarification, as it might simply be wording issues
> that can be corrected without changing the substance or intent of the
> ballot.
>
> On Fri, Jul 22, 2016 at 11:06 AM, Ben Wilson <ben.wilson at digicert.com>
> wrote:
>
> Base Domain Name: The portion of an applied-for FQDN that is the first
> domain name node left of a registry-controlled or public suffix plus the
> registry-controlled or public suffix (e.g. "example.co.uk" or
> "example.com"). For gTLDs, the domain www.[gTLD] will be considered to be a
> Base Domain.
>
> Why the "For gTLDs" clause? Is "www.[gTLD]" reserved by ICANN? Is this
> meant as a clause for Spec-13 situations? For example, as I read it, if
> Google wanted to get a certificate for "foo.google", the combined definition
> of "Authorization Domain Name" and "Base Domain Name" would potentially
> prohibit this - that is, as worded, it suggests "For gTLDs" is mutually
> exclusive with the preceding sentence.
>
> I'm unclear if this was meant to be "will also be" - but if so, it's
> unclear why the gTLD case isn't handled previously. Is it meant to permit
> the WHOIS lookups for such spec-13 gTLDs? If so, it would only be necessary
> if you're applying for a bare certificate (either "*.[gTLD]" or [gTLD], and
> the latter is either prohibited or strongly-discouraged per ICANN SSAC on
> single-label hosts)
>
> QUESTION: Can someone explain the context/intent of this clause?
> SUGGESTION: Can this clause be removed? Would the addition of the word
> "also" change the semantic meaning or interpretation?

You are correct that the second sentence is confusing and unnecessary.  I
would propose that the definition be changed to read:

"Base Domain Name: The portion of an applied-for FQDN that is the first
domain name node left of a registry-controlled or public suffix plus the
registry-controlled or public suffix (e.g. "example.co.uk" or
"example.com"). For FQDNs where the right most domain name node is a gTLD
having ICANN specification 13 in its registry agreement, gTLD itself may be
used as the base domain name."

Thanks,
Peter
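
Added example, not part of the original thread: a sketch of how the proposed "Base Domain Name" wording could be evaluated for an FQDN. The suffix set is constructed sample data rather than the real Public Suffix List (no wildcard or exception rules), treating "google" as a Specification 13 gTLD is an assumption for illustration, and the function name is hypothetical.

```python
# Constructed sample data for illustration only; a real check would use the
# Public Suffix List and ICANN registry agreement records.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk", "google"}
SPEC13_GTLDS = {"google"}  # assumption: gTLDs whose agreement includes Spec 13


def base_domain_names(fqdn):
    """Return the names usable as Base Domain Name under the proposed wording.

    First sentence: the node left of the public suffix plus that suffix.
    Second sentence: for a Spec 13 gTLD, the gTLD itself may also be used.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":          # wildcard label is not part of the domain
        labels = labels[1:]
    if not labels or "" in labels:
        raise ValueError("malformed FQDN: %r" % fqdn)

    # Longest matching suffix wins ("co.uk" over "uk").
    suffix_len = 0
    for n in range(1, len(labels) + 1):
        if ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            suffix_len = n
    if suffix_len == 0:
        raise ValueError("no known public suffix in %r" % fqdn)

    candidates = []
    if len(labels) > suffix_len:
        # One node to the left of the suffix, plus the suffix.
        candidates.append(".".join(labels[-(suffix_len + 1):]))
    if labels[-1] in SPEC13_GTLDS:
        # Additive, not exclusive: "foo.google" keeps "foo.google" as well.
        candidates.append(labels[-1])
    return candidates


if __name__ == "__main__":
    for name in ("www.example.co.uk", "example.com", "foo.google", "*.google"):
        print(name, "->", base_domain_names(name))
```

Because the Spec 13 branch only appends a candidate, the mutual-exclusivity reading raised about "foo.google" does not arise, and "*.google" still resolves to a usable base domain.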