[cabfpub] Updated Ballot 190 v4 dated June 30, 2017
Kirk.Hall at entrustdatacard.com
Fri Jun 30 15:47:55 MST 2017
Paul - how does this look? Thanks for your help.
Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that have more labels than the validated FQDN and end in the validated FQDN. This method is suitable for validating Wildcard Domain Names.
From: Paul Hoffman [mailto:paul.hoffman at icann.org]
Sent: Friday, June 30, 2017 3:17 PM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [EXTERNAL]Re: [Ext] [cabfpub] Updated Ballot 190 v3 dated June 30, 2017
<raises his hand meekly>
> On Jun 30, 2017, at 3:04 PM, Kirk Hall via Public <public at cabforum.org<mailto:public at cabforum.org>> wrote:
> “Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end in the validated FQDN. This method is suitable for validating Wildcard Domain Names.”
> We think that is short and simple, and can’t be misconstrued.
It can be misconstrued, and similar wording has been misconstrued in DNS software in the past.
For a validated FQDN of "example.com", "accounting-example.com" is an FQDN that ends in the validated FQDN.
If you mean "has more labels than the validated FQDN" (as I suspect that you do), it is probably worthwhile to say that directly.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Public