Re: [cabfpub] notBefore dates for certificates

2017-08-01 Thread Peter Bowen via Public
> On Aug 1, 2017, at 8:07 PM, Geoff Keating wrote: > >> On 1 Aug 2017, at 6:13 pm, Peter Bowen via Public >> wrote: >> >> We’ve had an interesting situation come up that isn’t clearly covered in the >> BRs. > … >> So I have two questions: >> 1) Does

Re: [cabfpub] notBefore dates for certificates

2017-08-01 Thread Geoff Keating via Public
> On 1 Aug 2017, at 6:13 pm, Peter Bowen via Public wrote: > > We’ve had an interesting situation come up that isn’t clearly covered in the > BRs. … > So I have two questions: > 1) Does anyone think setting a notBefore well before the issuance dates a > problem, as long as

[cabfpub] notBefore dates for certificates

2017-08-01 Thread Peter Bowen via Public
We’ve had an interesting situation come up that isn’t clearly covered in the BRs. We have a customer who has a system that does not have a persistent clock when it is first unboxed. When it powers on, it starts counting from a given point in time (for example 2017-01-01 00:00:00Z). This

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Kirk Hall via Public
So Wayne, if a change is made to Method 8 only by a ballot, once effective would the text be changed to “VERSION 2 OF”? Then, later, if changes are made to Methods 2, 3, and 4 by a single ballot, the text would be changed to “VERSION 3 OF”, etc.? That is certainly a simpler solution than I

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Wayne Thayer via Public
Ben – here’s a simple approach to versioning the entire section with changes in ALL CAPS: 3.2.2.4. Validation of Domain Authorization or Control This section defines VERSION 1 OF the permitted processes and procedures for validating the Applicant's ownership or control of the domain. The CA

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Ben Wilson via Public
Wayne, Can you give an example of what embedding would look like? Thanks, Ben From: Wayne Thayer Sent: 8/1/2017 3:58 PM To: Ben Wilson; CA/Browser Forum Public Discussion

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Wayne Thayer via Public
The original concern I raised was with the ballot 190 requirement that CAs begin to log the BR version number associated with the validation method used on each request. My concerns are: 1. The BR version doesn’t clearly indicate when a validation method has changed. As has been stated, the BR

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-08-01 Thread Paul Hoffman via Public
On Aug 1, 2017, at 11:50 AM, Erwann Abalea wrote: > I personally think the new definition is clear and unambiguous; a label is > composed of arbitrary octets, and can even be empty (which is the case for > the root). But for the new definition to fit our purpose, we

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-08-01 Thread Erwann Abalea via Public
Oh, I see. All is in the wire format. So in wire format the root itself is one octet (length=00), and since every label is preceded by its length expressed in one octet one shall add the lengths of all labels plus one octet per label (instead of only counting the dot, which is displayed in

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-08-01 Thread Peter Bowen via Public
Given that we require entry in global DNS (e.g. no unqualified names), that the longest TLD is 24 characters (xn--vermgensberatung-pwb), and the longest allowed label is 63 characters, and in wire format each character is one octet, the longest allowable SAN is: <36 characters>.<63 chars>.<63

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-08-01 Thread Erwann Abalea via Public
Good evening, I personally think the new definition is clear and unambiguous; a label is composed of arbitrary octets, and can even be empty (which is the case for the root). But for the new definition to fit our purpose, we may need to also include a mention to the « Global DNS » (a new addition

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Ben Wilson via Public
There are two sides to this - one is with the CAs, where they record what method was used, and the other is at the CA/Browser Forum level, where someone maintains a chart, or whatever, of validation methods in effect, and historically which ones were effective during which periods.

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Gervase Markham via Public
On 01/08/17 17:00, Ben Wilson wrote: > Are we talking about what the CA records in its database for the validation > method used, or are we talking about annotating the BRs with a record of > when a change was made? I am raising the problem that if there is a list of changes made and it goes out

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Ben Wilson via Public
Are we talking about what the CA records in its database for the validation method used, or are we talking about annotating the BRs with a record of when a change was made? -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent:

Re: [cabfpub] [Ext] Ballot 202 - Underscore and Wildcard Characters

2017-08-01 Thread Rich Smith via Public
Thanks for the info, Paul. That new definition, at least to me, seems less clear for our purposes than the current one. That really illustrates my point well though. I don't think we want to tie critical definitions to an outside source that could be changed by groups who likely are not

Re: [cabfpub] [EXTERNAL]Re: Ballot 190 - Recording BR Version Number

2017-08-01 Thread Gervase Markham via Public
On 21/07/17 16:02, Kirk Hall via Public wrote: >> The two responses (Gerv's and mine) are not in conflict, and there is no >> harm in including the extra information in the BRs. I'm a big believer in >> helping people avoid mistakes when it's easy to do. I don't believe that it's good for

[cabfpub] Re: Ballot 202 and Unicode

2017-08-01 Thread zhangyq via Public
We confirm that GDCA accepts Peter’s suggested solution on ballot 202. Thanks. Yongqiang ZHANG Original message From: Kirk Hall via publicpub...@cabforum.org To: publicpub...@cabforum.org Sent: August 1, 2017 (Tuesday) 08:01 Subject: [cabfpub] Ballot 202 and Unicode Thanks for your email, Yongqiang. It looks like GDCA can