[cabf_validation] Underscores, DNSNames, and SRVNames

Ryan Sleevi sleevi at google.com
Mon Oct 15 18:34:24 MST 2018

On Mon, Oct 15, 2018 at 1:39 PM Richard Smith <rich at comodoca.com> wrote:

> I take exception to characterizing anything that requires spelunking
> through multiple RFCs which span years (decades?) to figure out whether one
> particular character is allowed or not as clear and unambiguous.

The BRs directly reference one RFC, which directly references two more
RFCs. There's no ecclesiastical knowledge of the high priesthood of PKI
needed to make sense of what the requirements are, nor dowsing rods to
figure out where the restrictions are.

Our ETSI friends seem to survive the fact that EN 319 411-1 is going to
reference both EN 319 412-* and EN 319 401, and that each precisely defines
their terms and expectations. While Comodo has adopted a single CPS, I note
many members of the Forum have adopted one-or-more CP and one-or-more CPS,
and the world does not end.

I'm pushing back here precisely because all CAs are expected to understand
the RFCs relevant to the operation of a CA. If there's a view that it's too
hard to find what's needed, there's a process that CAs can try and bring
clarity - proposing a document that incorporates these changes and clarity
to the IETF, trying to find consensus, and publishing as an RFC.