[cabfpub] Pre-Ballot RFC5280-Related Amendments

Ben Wilson ben.wilson at digicert.com
Wed May 17 22:07:02 UTC 2017


I am looking for two endorsers for the following motion:

Ballot ___ - RFC5280-related Amendments 

The current Baseline Requirements do not expressly allow underscore
characters in Subject Alternative Names. This ballot seeks to clarify that
one or more underscore characters ("_") are allowed in FQDNs. 

--Motion Begins-- 

REPLACE Section 7.1.4.2.1 of the Baseline Requirements in its entirety with
the following:

7.1.4.2.1 Subject Alternative Name Extension 

Certificate Field: extensions:subjectAltName 

Required/Optional: Required 

Contents: This extension MUST contain at least one entry. Each entry MUST be
either a dNSName or iPAddress name. 

For entries of the type dNSName, the entry MUST contain the Fully-Qualified
Domain Name that the CA has validated in accordance with section 3.2.2.4.
The FQDN must comply with RFC 5280, Section 4.2.1.6, including that the name
be in "preferred name syntax," with the following exceptions: a single
wildcard character ("*") MAY be present as the left-most, most subordinate
level, if the CA has validated the name consistent with Section 3.2.2.6; and
one or more underscore characters ("_") may be present in the FQDN, in
deviation from the "preferred name syntax". The entry MUST NOT contain an
Internal Name. 

For entries of the type iPAddress, the entry MUST contain an IP address that
the CA has validated in accordance with Section 3.2.2.5. The entry MUST NOT
contain a Reserved IP Address. 

--Motion Ends-- 

 

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170517/5f2c9735/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6101 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170517/5f2c9735/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RFC5280-related-amendmentsv3.pdf
Type: application/pdf
Size: 66236 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170517/5f2c9735/attachment-0002.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170517/5f2c9735/attachment.p7s>


More information about the Public mailing list