[cabfpub] Proposed Ballot 183 - Allowing 822 Names and (limited) otherNames

Geoff Keating geoffk at apple.com
Mon Jan 9 22:23:45 UTC 2017

> On Jan 9, 2017, at 1:10 PM, Rob Stradling <rob.stradling at comodo.com> wrote:
> On 09/01/17 17:39, Rich Smith via Public wrote:
> <snip>
>> Scenario:
>> We ignore this and Ryan's arguments against, and we pass this proposal.
>> Next month we decide that the various browsers all now have enough
>> support for critical name constraints to update the BRs to MUST, but
>> because it will break your newly authorized dual-use certs Digicert is
>> now arguing against bringing the BRs back into full compliance w/RFC5280.
> Geoff,
> Would you (or anyone else from Apple) be able to provide CABForum with data on the % of currently deployed Apple devices that support critical name constraints?

Sure, although of course only public data.  We have this page:


which shows that "76% of devices are using iOS 10" and an additional 18% using iOS 9, as of January 4, for a total of 94% supporting name constraints.  For macOS, I don’t believe Apple publishes numbers, but there’s public data here:


which if you strip out the non-macOS systems, looks like this:

for 68% of devices running macOS 10.12 or OS X 10.11 in December 2017, and so supporting name constraints.  (I won't endorse the accuracy of the netmarketshare numbers, but they explain their methodology and so you can form your own opinion.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2017-01-09 at 2.12.49 PM.png
Type: image/png
Size: 476959 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170109/795bec11/attachment-0003.png>