[cabfpub] BR "corrections" ballot

Gervase Markham gerv at mozilla.org
Mon Mar 21 03:59:20 MST 2016


Hi Peter,

On 19/03/16 16:26, Peter Bowen wrote:
> 3) Explicitly allow the commonName in the Subject to contain domain
> names encoded using U-labels (meaning a certificate can have
> "xn--vernderung-s5a.com” in the SAN and “veränderung.com” in the CN)

Can you explain this one a bit more? It seems to make sense to me that
the CN value is always exactly duplicated in the SAN, even if other
values are also present. Are you proposing relaxing that requirement?

> 4) Allow “_” in FQDNs

Domain names may have underscores, but hostnames may not, at least
according to:
http://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it
Are the things we put in certificates hostnames? Given that SSL is for
connecting to internet hosts, it would seem to me that they are. Clue me
in by explaining what I'm missing.

> Does anyone have suggestions of other things that should be
> considered for a BR corrections ballot or think any of my suggested
> items should be a separate ballot?

Looking at
https://bugzilla.cabforum.org/buglist.cgi?bug_status=__open__&product=Baseline%20Requirements
how about:

https://bugzilla.cabforum.org/show_bug.cgi?id=17
https://bugzilla.cabforum.org/show_bug.cgi?id=19
https://bugzilla.cabforum.org/show_bug.cgi?id=28
and perhaps
https://bugzilla.cabforum.org/show_bug.cgi?id=2

Gerv


More information about the Public mailing list