[cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

Paul Hoffman paul.hoffman at icann.org
Tue Aug 1 20:23:15 UTC 2017


On Aug 1, 2017, at 11:50 AM, Erwann Abalea <Erwann.Abalea at docusign.com> wrote:
> I personally think the new definition is clear and unambiguous; a label is composed of arbitrary octets, and can even be empty (which is the case for the root). But for the new definition to fit our purpose, we may need to also include a mention of the « Global DNS » (a new addition in 7719bis), which clarifies the label lengths, global length, common root, and other things.

Indeed. The DNSOP WG realized that some definitions in RFC 7719 have a hidden assumption of "the DNS that we all know but don't really name", but others applied to "domain names that are not part of the DNS, such as '.onion'". That difference probably applies to the BRs.

> One question for Paul: at Global DNS/Composition of names, it is said that a domain name has a max length of 255 octets in wire format, and the root represents one octet. Does that octet account for the leading dot, or in addition to the leading dot?

Neither. In the *wire* format from RFC 1035, there are no dots. Each label has one octet that is a length field with a value between 0 and 63, and then that number of octets following.

The *display* format is the one with the dots.

> In other words, should an FQDN expressed in a SAN:dNSName be limited to 254 octets, or 253 octets?

253.

Display format (in ASCII notation): www.example.com

Wire format (in hex notation): 03777777076578616d706c6503636f6d00

--Paul Hoffman
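
The wire-format encoding and the 253-octet display limit discussed in this message, as an added Python example that is not part of the original post. The function names are illustrative, and the code assumes ASCII names and uncompressed wire format.

```python
MAX_LABEL = 63   # a length octet carries a value between 0 and 63
MAX_WIRE = 255   # maximum octets for a whole name in wire format

def to_wire(name: str) -> bytes:
    """Encode an ASCII display-format name into RFC 1035 wire format."""
    name = name[:-1] if name.endswith(".") else name   # drop optional root dot
    out = bytearray()
    for label in (name.split(".") if name else []):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL:
            raise ValueError(f"label length {len(raw)} not in 1..{MAX_LABEL}")
        out.append(len(raw))       # a length octet takes the place of a dot
        out += raw
    out.append(0)                  # root: an empty label, a single 0 octet
    if len(out) > MAX_WIRE:
        raise ValueError(f"wire length {len(out)} exceeds {MAX_WIRE}")
    return bytes(out)

def from_wire(wire: bytes) -> str:
    """Decode an uncompressed wire-format name back to display format."""
    if len(wire) > MAX_WIRE:
        raise ValueError("name too long")
    labels, i = [], 0
    while i < len(wire) and wire[i] != 0:
        n = wire[i]
        if n > MAX_LABEL or i + 1 + n > len(wire):
            raise ValueError("bad length octet or truncated label")
        labels.append(wire[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    if i != len(wire) - 1:
        raise ValueError("missing root octet or trailing data")
    return ".".join(labels)

def fits_wire_limit(name: str) -> bool:
    """True if a dNSName-style string encodes within the wire-format limits."""
    try:
        to_wire(name)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Wire length = display length + 2: one length octet for the first label
    # plus the root octet; every dot is swapped for a length octet.
    print(to_wire("www.example.com").hex())
    longest = ".".join(["a" * 63] * 3 + ["a" * 61])    # constructed, 253 chars
    print(len(longest), len(to_wire(longest)))
    print(fits_wire_limit(longest[:-61] + "a" * 62))   # 254 chars
```
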

