[Servercert-wg] [EXTERNAL]Re: Results on Ballot 202 – Underscore Character in SANs

[Bruce Morton]

We support this as well.

Bruce.

From: Servercert-wg [mailto:servercert-wg-bounces at cabforum.org] On Behalf Of Tim Hollebeek via Servercert-wg
Sent: September 5, 2018 8:34 AM
To: Wayne Thayer <wthayer at mozilla.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>; Doug Beattie <doug.beattie at globalsign.com>
Subject: [EXTERNAL]Re: [Servercert-wg] Results on Ballot 202 – Underscore Character in SANs

We also support this.

-Tim

From: Servercert-wg <servercert-wg-bounces at cabforum.org<mailto:servercert-wg-bounces at cabforum.org>> On Behalf Of Wayne Thayer via Servercert-wg
Sent: Tuesday, September 4, 2018 7:27 PM
To: Doug Beattie <doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>>
Subject: Re: [Servercert-wg] Results on Ballot 202 – Underscore Character in SANs

I agree with your assessment Doug, and I think it would be great to get this fixed. I've got a few other ballots in my queue, but I would be happy to take a crack at this if no one else gets to it first.

Wayne


On Tue, Sep 4, 2018 at 1:27 PM Doug Beattie via Servercert-wg <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>> wrote:
Given Ballot 202 failed last year, is issuing certificates with underscore in them considered a misissuance?  It’s not compliant with RFC 5280, but it’s listed just as a warning by the linters (and verbally agreed among many that it’s acceptable).
https://crt.sh/?cablint=issues shows 136 certificates issued with underscores in the past week.
It’s unfortunate the ballot failed for unrelated issues because I think we all agreed that underscores were OK, but technically it seems like they are misissuances.
Doug

From: Public <public-bounces at cabforum.org<mailto:public-bounces at cabforum.org>> On Behalf Of Kirk Hall via Public
Sent: Wednesday, July 26, 2017 6:30 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>
Subject: [cabfpub] Results on Ballot 202 – Underscore Character in SANs

Results on Ballot 202 – Underscore Character in SANs

The voting period for Ballot 202 has ended, and the ballot has failed.  Here are the results.

Voting by CAs – 19 votes total, including abstentions

12 Yes votes: Actalis, Amazon, Cisco, Comodo, DigiCert, Disig, HARICA, Let's Encrypt, QuoVadis, Symantec, TrustCor, Trustwave
7 No votes: Buypass, CFCA, DocuSign France, Entrust, GDCA, GlobalSign, SHECA
0 Abstain:
63% of voting CAs voted in favor

Voting by browsers – 3 votes total, including abstentions

3 Yes votes: Apple, Google, Mozilla
0 No votes:
0 Abstain:
100% of voting browsers voted in favor

Under Bylaw 2.2(g), a ballot result will be considered valid only when more than half of the number of currently active Members has participated. Votes to abstain are counted in determining a quorum.  Half of currently active Members as of the start of voting is 10, so quorum was 11 votes.  22 votes (including abstentions) were cast – quorum was met.

At least one CA Member and one browser Member must vote in favor of a ballot for the ballot to be adopted.  This requirement was met.

Bylaw 2.2(f) requires a yes vote by two-thirds of CA votes and 50%-plus-one browser votes for approval.  Votes to abstain are not counted for this purpose.  This requirement was met for browsers but was not met for CAs.

Ballot 202 fails.


_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org<mailto:Servercert-wg at cabforum.org>
http://cabforum.org/mailman/listinfo/servercert-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20180905/96f91a18/attachment-0001.html>