[cabfpub] RFC5280-related Ballot - For Discussion

Ryan Sleevi sleevi at google.com
Tue Apr 11 13:42:47 MST 2017


No, encoding it as a UTF8String is not valid in the subjectAltName (whose
type dNSName is defined as IA5String)

On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public <public at cabforum.org>
wrote:

> If the ballot were amended to address only underscore characters (and
> delete outdated content), would there be any endorsers?  See attached.
>
>
>
> *Ben Wilson, JD, CISA, CISSP*
>
> VP Compliance
>
> +1 801 701 9678
>
>
>
> *From:* Public [mailto:public-bounces at cabforum.org] *On Behalf Of *Peter
> Bowen via Public
> *Sent:* Tuesday, April 11, 2017 10:23 AM
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Cc:* Peter Bowen <pzb at amzn.com>
>
> *Subject:* Re: [cabfpub] RFC5280-related Ballot - For Discussion
>
>
>
> I agree.  There seems to be quite a bit of opposition on the PKIX list to
> extending the length.  It was reasonably pointed out that things that
> process ASN.1 according to the schema will break.
>
>
>
> However I would point out that this also rolls the other way — adding
> underscore should be safe, as the ASN.1 schema already allows this.
>
>
>
> On Apr 10, 2017, at 12:33 PM, Ryan Sleevi via Public <public at cabforum.org>
> wrote:
>
>
>
> That's an interesting take. I read the same discussions and took quite the
> opposite conclusion.
>
>
>
> On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public <
> public at cabforum.org> wrote:
>
> All,
>
>
>
> I’ve posted the proposal to the PKIX list and haven’t heard sufficient
> opposition on that list, IMHO, that would merit holding up this proposed
> revision to the Baseline Requirements.  I need two endorsers for a ballot.
>
>
>
> Thanks,
>
>
>
> Ben
>
>
>
> *From:* Ryan Sleevi [mailto:sleevi at google.com]
> *Sent:* Monday, April 3, 2017 9:59 AM
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Cc:* Ben Wilson <ben.wilson at digicert.com>
> *Subject:* Re: [cabfpub] RFC5280-related Ballot - For Discussion
>
>
>
> For those who want to understand why the IETF rejected this change, the
> thread begins at
>
>
>
> https://mailarchive.ietf.org/arch/msg/pkix/MJwKL1lqRDuEAhqQ1Ydb5eWBSIs/?qid=ace7ed4844045716922706d6a80b0747
>
>
>
> You can also see https://datatracker.ietf.org/liaison/376/ and the
> discussion at
> https://www.ietf.org/mail-archive/web/pkix/current/msg02361.html
>
>
>
> This was reviewed prior to the production of 5280 - that is, it was known
> at the time 5280 was produced, and was decided not to adopt - see
> https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html and
> https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html
>
>
>
> On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilson via Public <
> public at cabforum.org> wrote:
>
> Here is a redlined version of sections 7.1.4.2.1 and 7.1.4.2.2 of the
> Baseline Requirements which proposes amendments to the way the Baseline
> Requirements handle the maximum length for subjectAltName, commonName and
> organizationName and also clarifies the use of the underscore character.
>
>
>
>
>
> *Ben Wilson, JD, CISA, CISSP*
>
> VP Compliance
>
> +1 801 701 9678
>
>
>
>
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
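
Added example, not part of the original thread: a Python check for the point made at the top of this message, that a subjectAltName dNSName is an IA5String. In DER the dNSName carries the context tag [2] (0x82), so the string type is not visible in the tag and the 7-bit restriction has to be checked on the content bytes; the function names and the sample bytes are constructed for illustration.

```python
# Added example; SAMPLE is constructed DER, not taken from a real certificate.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def check_dns_names(general_names_der):
    """Classify each dNSName (tag 0x82) inside a DER GeneralNames SEQUENCE."""
    tag, body, end = read_tlv(general_names_der, 0)
    if tag != 0x30 or end != len(general_names_der):
        raise ValueError("expected exactly one SEQUENCE")
    findings, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x82:  # other GeneralName choices (rfc822Name, iPAddress, ...) are skipped
            continue
        if any(b > 0x7F for b in value):
            # IA5String is 7-bit; every multi-byte UTF-8 sequence sets the high bit.
            findings.append((value, "not IA5String"))
        elif b"_" in value:
            findings.append((value, "IA5String, contains underscore"))
        else:
            findings.append((value, "IA5String"))
    return findings

def dns_name(raw):
    """Build one dNSName GeneralName from raw content bytes (short-form length only)."""
    assert len(raw) < 128
    return bytes([0x82, len(raw)]) + raw

_names = (dns_name(b"example.com") + dns_name(b"my_host.example.com")
          + dns_name("b\u00fccher.example".encode("utf-8")))
SAMPLE = bytes([0x30, len(_names)]) + _names  # total content is under 128 bytes

if __name__ == "__main__":
    for value, verdict in check_dns_names(SAMPLE):
        print(value, "->", verdict)
```

The underscore entry passes the IA5String check while the UTF-8 entry does not, which is the distinction the replies in this thread turn on.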