[cabfpub] FW: BR – Contradiction on gTLDs

Dean Coclin Dean_Coclin at symantec.com
Tue May 24 09:52:40 UTC 2016

Forum - Please review this question.



From: Adam, Daniel (US - San Francisco) 
Sent: Friday, May 20, 2016 3:59 AM
To: Sheehy, Don 
Subject: Can you send this to the CA/B Forum public list?


Subject: BR – Contradiction on gTLDs


Baseline Requirements 1.3.4 defines an ‘Internal Name’ as: A string of characters (not an IP address) in a Common Name or Subject Alternative Name field of a Certificate that cannot be verified as globally unique within the public DNS at the time of certificate issuance because it does not end with a Top Level Domain registered in IANA’s Root Zone Database.


Section 4.2.2 states that CAs SHOULD NOT issue certificates containing new gTLDs under consideration by ICANN and warn the applicant of this etc. This suggests that, although not recommended, it is still permissible for CAs to issue these types of certificates. However, this appears to be contradicted in Section which states that CAs SHALL NOT issue certificates containing an Internal Name that expire later than 1 November 2015. Since we are well past that date, this is interpreted as CAs SHALL NOT issue any more certificates containing Internal Names, which includes any gTLDs that are under consideration by ICANN as those are publicly unresolvable (and by definition, an ‘Internal Name’) until the day they are included in the IANA Root Zone.


Therefore, isn’t this criterion in 4.2.2 redundant as these certificates are not supposed to be issued anymore?
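
The classification this question turns on, as an added example that is not part of the original message or of the Baseline Requirements: a name is tested against the Root Zone Database as it stands at issuance time, so a gTLD still under consideration makes the name an Internal Name until the TLD is delegated. The function names, the root zone subset and the `pendingtld` string are constructed for illustration.

```python
import ipaddress

# Constructed subset of IANA's Root Zone Database (illustration only).
# A real check would load the current list, which IANA publishes at
# https://data.iana.org/TLD/tlds-alpha-by-domain.txt
ROOT_ZONE_SNAPSHOT = frozenset({"com", "org", "net"})


def is_ip_address(value):
    """Return True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_internal_name(name, root_zone_tlds):
    """Apply the BR 1.3.4 definition quoted above to one CN/SAN string.

    root_zone_tlds is the set of TLDs in the root zone at the time of
    issuance (lowercase, A-label form for IDN TLDs).
    """
    candidate = name.strip()
    if is_ip_address(candidate):
        return False  # the definition explicitly excludes IP addresses
    host = candidate.rstrip(".").lower()  # drop FQDN trailing dot
    if host.startswith("*."):
        host = host[2:]  # a wildcard label does not change the TLD
    if not host:
        raise ValueError("empty name")
    tld = host.rsplit(".", 1)[-1]  # a single-label name is its own last label
    return tld not in root_zone_tlds


def internal_names(san_entries, root_zone_tlds):
    """Return the entries of a certificate request that are Internal Names."""
    return [n for n in san_entries if is_internal_name(n, root_zone_tlds)]


# Constructed request; 'pendingtld' stands in for a gTLD under consideration.
SAMPLE_SANS = ["www.example.com", "intranet.lan", "server1", "10.0.0.5",
               "*.shop.pendingtld", "WWW.Example.ORG."]

if __name__ == "__main__":
    print("before delegation:", internal_names(SAMPLE_SANS, ROOT_ZONE_SNAPSHOT))
    after = ROOT_ZONE_SNAPSHOT | {"pendingtld"}
    print("after delegation: ", internal_names(SAMPLE_SANS, after))
```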



