[cabfpub] Pre-Ballot: Underscore Characters in SANs
Ben Wilson
ben.wilson at digicert.com
Thu Apr 20 17:07:19 UTC 2017
All,
I'm looking for two endorsers for a proposed amendment to section 7.1.4.2.1
of the Baseline Requirements--to be modified to allow the underscore
character ("_") in SANs and to remove the sunset language in that section
related to internal names and reserved IP addresses. The revised section
7.1.4.2.1 would read as follows:
7.1.4.2.1. Subject Alternative Name Extension
Certificate Field: extensions:subjectAltName
Required/Optional: Required
Contents: This extension MUST contain at least one entry. Each entry MUST
be either a dNSName containing the Fully-Qualified Domain Name or an
iPAddress containing the IP address of a server. The CA MUST confirm that
the Applicant controls the Fully-Qualified Domain Name or IP address or has
been granted the right to use it by the Domain Name Registrant or IP address
assignee, as appropriate.
Wildcard FQDNs and underscores in FQDNs (encoded as IA5 strings) are
permitted.
CAs SHALL NOT issue a certificate with a subjectAlternativeName extension or
Subject commonName field containing a Reserved IP Address or Internal Name.
Thanks,
Ben
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170420/af5f88e4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6100 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170420/af5f88e4/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170420/af5f88e4/attachment-0001.bin>
More information about the Public
mailing list