[Servercert-wg] [EXTERNAL]Re: Results on Ballot 202 – Underscore Character in SANs
Bruce.Morton at entrustdatacard.com
Wed Sep 5 06:05:30 MST 2018
We support this as well.
From: Servercert-wg [mailto:servercert-wg-bounces at cabforum.org] On Behalf Of Tim Hollebeek via Servercert-wg
Sent: September 5, 2018 8:34 AM
To: Wayne Thayer <wthayer at mozilla.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>; Doug Beattie <doug.beattie at globalsign.com>
Subject: [EXTERNAL]Re: [Servercert-wg] Results on Ballot 202 – Underscore Character in SANs
We also support this.
From: Servercert-wg <servercert-wg-bounces at cabforum.org<mailto:servercert-wg-bounces at cabforum.org>> On Behalf Of Wayne Thayer via Servercert-wg
Sent: Tuesday, September 4, 2018 7:27 PM
To: Doug Beattie <doug.beattie at globalsign.com<mailto:doug.beattie at globalsign.com>>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>>
Subject: Re: [Servercert-wg] Results on Ballot 202 – Underscore Character in SANs
I agree with your assessment Doug, and I think it would be great to get this fixed. I've got a few other ballots in my queue, but I would be happy to take a crack at this if no one else gets to it first.
On Tue, Sep 4, 2018 at 1:27 PM Doug Beattie via Servercert-wg <servercert-wg at cabforum.org<mailto:servercert-wg at cabforum.org>> wrote:
Given Ballot 202 failed last year, is issuing certificates with underscore in them considered a misissuance? It’s not compliant with RFC 5280, but it’s listed just as a warning by the linters (and verbally agreed among many that it’s acceptable).
https://crt.sh/?cablint=issues shows 136 certificates issued with underscores in the past week.
It’s unfortunate the ballot failed for unrelated issues because I think we all agreed that underscores were OK, but technically it seems like they are misissuances.
From: Public <public-bounces at cabforum.org<mailto:public-bounces at cabforum.org>> On Behalf Of Kirk Hall via Public
Sent: Wednesday, July 26, 2017 6:30 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org<mailto:public at cabforum.org>>
Subject: [cabfpub] Results on Ballot 202 – Underscore Character in SANs
Results on Ballot 202 – Underscore Character in SANs
The voting period for Ballot 202 has ended, and the ballot has failed. Here are the results.
Voting by CAs – 19 votes total, including abstentions
12 Yes votes: Actalis, Amazon, Cisco, Comodo, DigiCert, Disig, HARICA, Let's Encrypt, QuoVadis, Symantec, TrustCor, Trustwave
7 No votes: Buypass, CFCA, DocuSign France, Entrust, GDCA, GlobalSign, SHECA
63% of voting CAs voted in favor
Voting by browsers – 3 votes total, including abstentions
3 Yes votes: Apple, Google, Mozilla
0 No votes:
100% of voting browsers voted in favor
Under Bylaw 2.2(g), a ballot result will be considered valid only when more than half of the number of currently active Members has participated. Votes to abstain are counted in determining a quorum. Half of currently active Members as of the start of voting is 10, so quorum was 11 votes. 22 votes (including abstentions) were cast – quorum was met.
At least one CA Member and one browser Member must vote in favor of a ballot for the ballot to be adopted. This requirement was met.
Bylaw 2.2(f) requires a yes vote by two-thirds of CA votes and 50%-plus-one browser votes for approval. Votes to abstain are not counted for this purpose. This requirement was met for browsers but was not met for CAs.
Ballot 202 fails.
Servercert-wg mailing list
Servercert-wg at cabforum.org<mailto:Servercert-wg at cabforum.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Servercert-wg