[cabfpub] Proposed Ballot 183 - Allowing 822 Names and (limited) otherNames

Kirk Hall Kirk.Hall at entrustdatacard.com
Mon Jan 9 16:36:01 MST 2017


Everyone – please make sure your Subject line for this topic says “Ballot 184” (Jeremy’s new ballot number, adopted a couple of days ago).  Ballot 183 is the voting rules draft that Virginia is working on.

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Geoff Keating via Public
Sent: Monday, January 9, 2017 2:24 PM
To: Rob Stradling <rob.stradling at comodo.com>
Cc: Geoff Keating <geoffk at apple.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Proposed Ballot 183 - Allowing 822 Names and (limited) otherNames



On Jan 9, 2017, at 1:10 PM, Rob Stradling <rob.stradling at comodo.com<mailto:rob.stradling at comodo.com>> wrote:

On 09/01/17 17:39, Rich Smith via Public wrote:
<snip>

Scenario:
We ignore this and Ryan's arguments against, and we pass this proposal.
Next month we decide that the various browsers all now have enough
support for critical name constraints to update the BRs to MUST, but
because it will break your newly authorized dual-use certs Digicert is
now arguing against bringing the BRs back into full compliance w/RFC5280.

Geoff,

Would you (or anyone else from Apple) be able to provide CABForum with data on the % of currently deployed Apple devices that support critical name constraints?

Sure, although of course only public data.  We have this page:

https://developer.apple.com/support/app-store/

which shows that "76% of devices are using iOS 10” and an additional 18% using iOS 9, as of January 4, for a total of 94% supporting name constraints.  For macOS, I don’t believe Apple publishes numbers, but there’s public data here:

http://netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0

which if you strip out the non-macOS systems, looks like this:

[cid:image001.png at 01D26A8E.13734F30]

for 68% of devices running macOS 10.12 or OS X 10.11 in December 2017, and so supporting name constraints.  (I won't endorse the accuracy of the netmarketshare numbers, but they explain their methodology and so you can form your own opinion.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170109/9ed177ad/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 146954 bytes
Desc: image001.png
URL: <http://cabforum.org/pipermail/public/attachments/20170109/9ed177ad/attachment-0001.png>


More information about the Public mailing list