[cabfpub] [Ext] Updated Ballot 190 v3 dated June 30, 2017
Kirk.Hall at entrustdatacard.com
Fri Jun 30 15:43:36 MST 2017
Good point (I would never have thought of that example). Done in upcoming v4.
From: Paul Hoffman [mailto:paul.hoffman at icann.org]
Sent: Friday, June 30, 2017 3:17 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [EXTERNAL]Re: [Ext] [cabfpub] Updated Ballot 190 v3 dated June 30, 2017
<raises his hand meekly>
> On Jun 30, 2017, at 3:04 PM, Kirk Hall via Public <public at cabforum.org> wrote:
> “Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end in the validated FQDN. This method is suitable for validating Wildcard Domain Names.”
> We think that is short and simple, and can’t be misconstrued.
It can be misconstrued, and similar wording has been misconstrued in DNS software in the past.
For a validated FQDN of "example.com", "accounting-example.com" is an FQDN that ends in the validated FQDN.
If you mean "has more labels than the validated FQDN" (as I suspect that you do), it is probably worthwhile to say that directly.
More information about the Public