[cabfpub] [Ext] Updated Ballot 190 v3 dated June 30, 2017
paul.hoffman at icann.org
Fri Jun 30 22:16:56 UTC 2017
<raises his hand meekly>
> On Jun 30, 2017, at 3:04 PM, Kirk Hall via Public <public at cabforum.org> wrote:
> “Note: Once the FQDN has been validated using this method, the CA MAY also issue Certificates for other FQDNs that end in the validated FQDN. This method is suitable for validating Wildcard Domain Names.”
> We think that is short and simple, and can’t be misconstrued.
It can be misconstrued, and similar wording has been misconstrued in DNS software in the past.
For a validated FQDN of "example.com", "accounting-example.com" is an FQDN that ends in the validated FQDN.
If you mean "has more labels than the validated FQDN" (as I suspect that you do), it is probably worthwhile to say that directly.
More information about the Public