[cabfpub] BR "corrections" ballot

Gervase Markham gerv at mozilla.org
Mon Mar 21 11:56:41 UTC 2016


On 21/03/16 11:49, Rob Stradling wrote:
> What would be the downside of saying that subject:commonName, if
> included in the cert, MUST contain either the A-label form or U-label
> form of one of the SAN:dNSName values?

Converting using IDNA2003 or IDNA2008? :-))

In a data structure designed for computer consumption, why would you not
want to write the computer-readable, as opposed to human-readable,
version of the label? My security spider-sense tells me that allowing
multiple "equivalent" forms of a name in a security context, rather than
requiring a single canonical form, is a good way of getting nasty bugs.

Gerv
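
The ambiguity raised in the message above, as an added example that is not part of the original post: Python's built-in `idna` codec implements IDNA2003, so it can be compared against known IDNA2008 A-labels to show how a permissive commonName check depends on the converter, while an exact A-label match does not. The function names are hypothetical, the sample names are constructed, and the IDNA2008 values are hard-coded because the standard library has no IDNA2008 codec.

```python
# Added illustration: function names are hypothetical, sample names are constructed.

# IDNA2008 A-labels for the constructed samples, hard-coded because the
# Python standard library only ships an IDNA2003 codec.
IDNA2008_ALABEL = {"faß.de": "xn--fa-hia.de", "bücher.example": "xn--bcher-kva.example"}


def alabel_idna2003(name: str) -> str:
    """U-label -> A-label using the built-in 'idna' codec (IDNA2003 + nameprep)."""
    return name.encode("idna").decode("ascii").lower()


def cn_ok_permissive(cn: str, san_dns_names: list[str]) -> bool:
    """Accept a CN given as A-label or U-label; U-labels are converted with IDNA2003."""
    sans = {s.lower() for s in san_dns_names}
    try:
        return cn.lower() in sans or alabel_idna2003(cn) in sans
    except UnicodeError:
        return False


def cn_ok_canonical(cn: str, san_dns_names: list[str]) -> bool:
    """Accept only an ASCII CN identical (ignoring case) to a SAN dNSName."""
    return cn.isascii() and cn.lower() in {s.lower() for s in san_dns_names}


def converters_disagree(u_label: str) -> bool:
    """True when IDNA2003 and IDNA2008 map the same U-label to different A-labels."""
    return alabel_idna2003(u_label) != IDNA2008_ALABEL[u_label]


if __name__ == "__main__":
    for name in IDNA2008_ALABEL:
        print(name, alabel_idna2003(name), IDNA2008_ALABEL[name], converters_disagree(name))
    # A certificate whose SAN is fass.de passes the permissive check with CN faß.de,
    # although IDNA2008 clients resolve faß.de to a different name.
    print(cn_ok_permissive("faß.de", ["fass.de"]), cn_ok_canonical("faß.de", ["fass.de"]))
```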


