[Servercert-wg] Results on Ballot 202 – Underscore Character in SANs

Wayne Thayer wthayer at mozilla.com
Tue Sep 4 16:27:01 MST 2018 

I agree with your assessment Doug, and I think it would be great to get
this fixed. I've got a few other ballots in my queue, but I would be happy
to take a crack at this if no one else gets to it first.

Wayne


On Tue, Sep 4, 2018 at 1:27 PM Doug Beattie via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Given Ballot 202 failed last year, is issuing certificates with underscore
> in them considered a misissuance?  It’s not compliant with RFC 5280, but
> it’s listed just as a warning by the linters (and verbally agreed among
> many that it’s acceptable).
>
> https://crt.sh/?cablint=issues shows 136 certificates issued with
> underscores in the past week.
>
> It’s unfortunate the ballot failed for unrelated issues because I think we
> all agreed that underscores were OK, but technically it seems like they are
> misissuances.
>
> Doug
>
>
>
> *From:* Public <public-bounces at cabforum.org> *On Behalf Of *Kirk Hall via
> Public
> *Sent:* Wednesday, July 26, 2017 6:30 PM
> *To:* CA/Browser Forum Public Discussion List <public at cabforum.org>
> *Subject:* [cabfpub] Results on Ballot 202 – Underscore Character in SANs
>
>
>
> *Results on Ballot 202 – Underscore Character in SANs*
>
>
>
> The voting period for Ballot 202 has ended, and the ballot has *failed*.
> Here are the results.
>
>
>
> *Voting by CAs – 19 votes total, including abstentions*
>
>
>
> 12 Yes votes: Actalis, Amazon, Cisco, Comodo, DigiCert, Disig, HARICA,
> Let's Encrypt, QuoVadis, Symantec, TrustCor, Trustwave
>
> 7 No votes: Buypass, CFCA, DocuSign France, Entrust, GDCA, GlobalSign,
> SHECA
>
> 0 Abstain:
>
> 63% of voting CAs voted in favor
>
>
>
> *Voting by browsers – 3 votes total, including abstentions*
>
>
>
> 3 Yes votes: Apple, Google, Mozilla
>
> 0 No votes:
>
> 0 Abstain:
>
> 100% of voting browsers voted in favor
>
>
>
> Under Bylaw 2.2(g), a ballot result will be considered valid only when
> more than half of the number of currently active Members has participated.
> Votes to abstain are counted in determining a quorum.  Half of currently
> active Members as of the start of voting is 10, so quorum was 11 votes.  22
> votes (including abstentions) were cast – *quorum was met*.
>
>
>
> At least one CA Member and one browser Member must vote in favor of a
> ballot for the ballot to be adopted.  This requirement was *met*.
>
>
>
> Bylaw 2.2(f) requires a yes vote by two-thirds of CA votes and
> 50%-plus-one browser votes for approval.  Votes to abstain are not counted
> for this purpose.  This requirement was met for browsers but was *not met*
> for CAs.
>
>
>
> *Ballot 202 fails.*
>
>
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20180904/93726d2e/attachment-0001.html>

More information about the Servercert-wg mailing list