[cabfpub] RFC5280-related Ballot - For Discussion
Ben Wilson
ben.wilson at digicert.com
Wed Apr 12 15:58:01 UTC 2017
Thanks Ryan. I can make that change.
From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Tuesday, April 11, 2017 2:43 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Cc: Ben Wilson <ben.wilson at digicert.com>
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion
No, encoding it as a UTF8String is not valid in the subjectAltName (whose type dNSName is defined as IA5String)
On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:
If the ballot were amended to address only underscore characters (and delete outdated content), would there be any endorsers? See attached.
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678 <tel:(801)%20701-9678>
From: Public [mailto:public-bounces at cabforum.org <mailto:public-bounces at cabforum.org> ] On Behalf Of Peter Bowen via Public
Sent: Tuesday, April 11, 2017 10:23 AM
To: CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >
Cc: Peter Bowen <pzb at amzn.com <mailto:pzb at amzn.com> >
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion
I agree. There seems to be quite a bit of opposition on the PKIX list to extending the length. It was reasonably pointed out that things that process ASN.1 according to the schema will break.
However I would point out that this also rolls the other way — adding underscore should be safe, as the ASN.1 schema already allows this.
On Apr 10, 2017, at 12:33 PM, Ryan Sleevi via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:
That's an interesting take. I read the same discussions and took quite the opposite conclusion.
On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:
All,
I’ve posted the proposal to the PKIX list and haven’t heard sufficient opposition on that list, IMHO, that would merit holding up this proposed revision to the Baseline Requirements. I need two endorsers for a ballot.
Thanks,
Ben
From: Ryan Sleevi [mailto: <mailto:sleevi at google.com> sleevi at google.com]
Sent: Monday, April 3, 2017 9:59 AM
To: CA/Browser Forum Public Discussion List < <mailto:public at cabforum.org> public at cabforum.org>
Cc: Ben Wilson < <mailto:ben.wilson at digicert.com> ben.wilson at digicert.com>
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion
For those who want to understand why the IETF rejected this change, the thread begins at
https://mailarchive.ietf.org/arch/msg/pkix/MJwKL1lqRDuEAhqQ1Ydb5eWBSIs/?qid=ace7ed4844045716922706d6a80b0747
You can also see https://datatracker.ietf.org/liaison/376/ and the discussion at https://www.ietf.org/mail-archive/web/pkix/current/msg02361.html
This was reviewed prior to the production of 5280 - that is, it was known at the time 5280 was produced, and was decided not to adopt - see https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html and https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html
On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilson via Public <public at cabforum.org <mailto:public at cabforum.org> > wrote:
Here is a redlined version of sections 7.1.4.2.1 and 7.1.4.2.2 of the Baseline Requirements which proposes amendments to the way the Baseline Requirements handle the maximum length for subjectAltName, commonName and organizationName and also clarifies the use of the underscore character.
Ben Wilson, JD, CISA, CISSP
VP Compliance
<tel:(801)%20701-9678> +1 801 701 9678
<image003.jpg>
_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
_______________________________________________
Public mailing list
Public at cabforum.org <mailto:Public at cabforum.org>
https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170412/e182f258/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6001 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170412/e182f258/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170412/e182f258/attachment-0001.p7s>
More information about the Public
mailing list