Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

<p...@amzn.com>; Erwann Abalea <erwann.aba...@docusign.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>; Doug Beattie <doug.beat...@globalsign.com>; Tim Hollebeek <tholleb...@trustwave.com> Subject: Re: [cabfpub] Ballot 202 - Underscore and Wi

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

On 21/07/17 20:44, Doug Beattie via Public wrote: > I’m sorry I didn’t spend more time on this during the review period, but > I think it’s a mistake to define Domain Name to include wildcard > values. I understand the issues with saying “Domain Name and Wildcard > FQDN ” everywhere in the spec,

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Erwann, Mads, Doug, and Tim, I appreciate the feedback on the terminology. You have all pointed out similar concerns, namely that Domain Name, FQDN, Domain Label, etc all have existing well known meanings and trying to overload them only

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

/Browser Forum Public Discussion List <public@cabforum.org<mailto:public@cabforum.org>> Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Erwann, Thank you for your detailed feedback and I appreciate you providing context for your vote. With regards to reserved IP

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Bonjour, Having carefully read the definitions, I’m fine with them. The only « invention » is the X-label (and of course the « Conforming xxx »), and one consequence is that an X-label cannot be an A-label. I.e. a dNSName cannot contain a Domain Name for which one of the labels starts with xn--

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

cussion List <public@cabforum.org>; mads.henriksv...@buypass.no; Doug Beattie <doug.beat...@globalsign.com> Cc: Ben Wilson <ben.wil...@digicert.com>; paul.hoff...@icann.org Subject: RE: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Looks good. From: Peter Bowen [mailto

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

gt;; Tim Hollebeek <tholleb...@trustwave.com> Cc: Ben Wilson <ben.wil...@digicert.com>; paul.hoff...@icann.org Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Erwann, Mads, Doug, and Tim, I appreciate the feedback on the terminology. You have all pointed out similar

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

rowser Forum Public Discussion List <public@cabforum.org> Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Tim and Erwann, I agree with Tim. I think the IP Address situation is similar to Internal Domain Names. We know what is _not_ global pretty well, so we have a defin

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Erwann, Mads, Doug, and Tim, I appreciate the feedback on the terminology. You have all pointed out similar concerns, namely that Domain Name, FQDN, Domain Label, etc all have existing well known meanings and trying to overload them only confuses things and may have unintended consequences.

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

en > via Public > Sent: Tuesday, July 25, 2017 3:02 PM > To: Erwann Abalea <erwann.aba...@docusign.com>; CA/Browser Forum Public > Discussion List <public@cabforum.org> > Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters > > Erwann, > >

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

blic-boun...@cabforum.org>] On Behalf Of ?? via Public > Sent: Wednesday, July 26, 2017 1:44 AM > To: 'CA/Browser Forum Public Discussion List' <public@cabforum.org > <mailto:public@cabforum.org>> > Cc: '赵改侠' <gxz...@cfca.com.cn <mailto:gxz...@cfca.com.cn>> &g

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

ublic@cabforum.org> Subject: [EXTERNAL]Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Buypass votes NO. We support the main intent with the ballot, but the changes in the definitions and the use of them may be problematic. We need a term covering the “applied-for” Domain Name to b

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

<ben.wil...@digicert.com<mailto:ben.wil...@digicert.com>>, CA/Browser Forum Public Discussion List <public@cabforum.org<mailto:public@cabforum.org>> Date: Wednesday, 12 July, 2017 at 13:24 To: CABFPub <public@cabforum.org<mailto:public@cabforum.org>> Subject: [cabfpu

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

. Regards Mads From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: 20. juli 2017 00:34 To: Peter Bowen; CA/Browser Forum Public Discussion List; Ryan Sleevi Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Also, I have capitalized “Domain

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

My understanding is that the punycode issue is not altered by this ballot, because the current definitions state: Domain Name: The label assigned to a node in the Domain Name System. and in the DNS, the label assigned to a node with an internationalised domain name is encoded in punycode. So

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

On Wed, Jul 26, 2017 at 12:41 PM, Kirk Hall via Public wrote: > Peter, Ben, and Ryan – do you have a response to the punycode issue raised > by CFCA, GDCA, and SHECA? Kirk, Is a response needed? It's 1 AM in China. Are you expecting these CAs to change their votes? Are you

[cabfpub] Ballot 202 - Underscore and Wildcard Characters

: '赵改侠' <gxz...@cfca.com.cn> Subject: [EXTERNAL][cabfpub] Reply: Ballot 202 - Underscore and Wildcard Characters CFCA votes No we suggest that the punycode shouldn't be applied on SSL certs in this approach. For non-English countries, the domain name may be displayed wrong in some browers

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

4 To: CABFPub <public@cabforum.org<mailto:public@cabforum.org>> Subject: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Ballot 202 - Underscore and Wildcard Characters The current Baseline Requirements do not expressly allow underscore characters in Subject Alternative Name

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Disig votes "YESs". Regards Peter From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Wednesday, July 12, 2017 7:24 PM To: CABFPub <public@cabforum.org> Subject: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Ballot

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

> On Jul 25, 2017, at 1:01 PM, Peter Bowen wrote: > > >>> On Jul 25, 2017, at 12:25 PM, Geoff Keating wrote: >>> >>> >>> On 25 Jul 2017, at 12:01 pm, Peter Bowen via Public >>> wrote: >>> >>> Erwann, >>> >>> Thank you for your

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

> On Jul 25, 2017, at 12:25 PM, Geoff Keating wrote: > > >> On 25 Jul 2017, at 12:01 pm, Peter Bowen via Public > > wrote: >> >> Erwann, >> >> Thank you for your detailed feedback and I appreciate you providing context >>

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

> On 25 Jul 2017, at 12:01 pm, Peter Bowen via Public > wrote: > > Erwann, > > Thank you for your detailed feedback and I appreciate you providing context > for your vote. > > With regards to reserved IP addresses, the definition in the current BRs > allows a CA to

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Bonsoir, DocuSign France votes No. While there are good clarifications around domain names, FQDNs, wildcards, and reserved labels, there are a few drawbacks: 1. Underscores in SAN:dNSName entries. It’s not the current BR that disallows underscores in dNSNames, it’s X.509 and RFC5280 (and

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Apple votes Yes. Curt > On Jul 19, 2017, at 3:33 PM, Ben Wilson via Public > wrote: > > Also, I have capitalized “Domain Name” in the definition of “Domain Label”, > as shown below and in the attached PDF document. > > On Jul 19, 2017, at 3:52 PM, Peter Bowen

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

TrustCor votes ‘YES’ on Ballot 202 Neil ___ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

HARICA votes "yes" to ballot 202. Dimitris. On 20/7/2017 4:50 μμ, Peter Bowen via Public wrote: On Jul 20, 2017, at 1:23 AM, Gervase Markham via Public > wrote: On 19/07/17 23:34, Ben Wilson via Public wrote: DigiCert votes “Yes” Is the

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Let's Encrypt votes YES on Ballot 202. On Wed, Jul 12, 2017 at 10:24 AM, Ben Wilson via Public wrote: > *Ballot 202 - Underscore and Wildcard Characters* > > The current Baseline Requirements do not expressly allow underscore > characters in Subject Alternative Names. This

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Google votes YES ___ Public mailing list Public@cabforum.org https://cabforum.org/mailman/listinfo/public

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

6:34 PM To: Peter Bowen <p...@amzn.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>; Ryan Sleevi <sle...@google.com> Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Also, I have capitalized “Domain Name” in the definition of “Domain

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Symantec votes YES on Ballot 202. Dean Coclin -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rob Stradling via Public Sent: Thursday, July 20, 2017 5:55 PM To: public@cabforum.org Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Le 20 juil. 2017 à 23:13, Peter Bowen > a écrit : On Jul 20, 2017, at 11:02 AM, Erwann Abalea > wrote: Le 20 juil. 2017 à 16:52, Ryan Sleevi > a

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

If people are curious, as I was, about why RFC 5890 restricts use of Reserved LDH Labels, here is what I believe to be the relevant paragraph: https://tools.ietf.org/html/rfc5890#page-8 > Labels within the class of R-LDH labels that are not prefixed with > "xn--" are also not valid IDNA labels.

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

*Ben Wilson via Public *Sent:*Wednesday, July 19, 2017 4:34 PM *To:*Peter Bowen <p...@amzn.com <mailto:p...@amzn.com>>; CA/Browser Forum Public Discussion List <public@cabforum.org <mailto:public@cabforum.org>>; Ryan Sleevi <sle...@google.com <mailto:sle...@google

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

> On Jul 20, 2017, at 11:02 AM, Erwann Abalea > wrote: > > >> Le 20 juil. 2017 à 16:52, Ryan Sleevi a écrit : >> >> On Thu, Jul 20, 2017 at 10:16 AM, Erwann Abalea >> wrote: >>> Bonjour, >>> >>> Looking back in

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

> Le 20 juil. 2017 à 16:52, Ryan Sleevi a écrit : > > On Thu, Jul 20, 2017 at 10:16 AM, Erwann Abalea > wrote: >> Bonjour, >> >> Looking back in time on the list for a reason to allow for underscore in >> SAN:dNSName, I found basically 2

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Bonjour, Looking back in time on the list for a reason to allow for underscore in SAN:dNSName, I found basically 2 potential reasons: - allow things such as « _sip._tls.xxx.com » - provide certificates for names that are not internet routable, such as «

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

> On Jul 20, 2017, at 1:23 AM, Gervase Markham via Public > wrote: > > On 19/07/17 23:34, Ben Wilson via Public wrote: >> DigiCert votes “Yes” > > Is the text of this motion still exactly as was posted on the 12th July, > or have there been any updates to it during the

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

On 19/07/17 23:34, Ben Wilson via Public wrote: > DigiCert votes “Yes” Is the text of this motion still exactly as was posted on the 12th July, or have there been any updates to it during the discussion period? Gerv ___ Public mailing list

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

lson via Public > Sent: Wednesday, July 19, 2017 4:34 PM > To: Peter Bowen <p...@amzn.com <mailto:p...@amzn.com>>; CA/Browser Forum > Public Discussion List <public@cabforum.org <mailto:public@cabforum.org>>; > Ryan Sleevi <sle...@google.com <mailto:sle...@g

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

om> Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters Also, I have capitalized “Domain Name” in the definition of “Domain Label”, as shown below and in the attached PDF document. On Jul 19, 2017, at 3:52 PM, Peter Bowen <p...@amzn.com <mailto:p...@amzn.com> &

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

, 2017 3:49 PM To: Ben Wilson <ben.wil...@digicert.com>; CA/Browser Forum Public Discussion List <public@cabforum.org>; Ryan Sleevi <sle...@google.com> Subject: Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters One more update before voting starts, based on a re

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Thanks to all who provided comments. I’ve integrated the feedback from Kirk, Geoff, and Wayne, including using the definitions that Geoff proposed. BR text that has changed is in red. Additionally we dropping the proposed change for fully qualified domain name. Ryan and Ben have agreed to

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

On Sat, Jul 15, 2017 at 3:09 PM, Peter Bowen via Public wrote: > Kirk, > > The 190 draft I posted explicitly assumes this ballot 202 passes. It used > the BRs with these changes integrated as the “before” version and only > tracks further changes. This Ballot 202 adds

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

coordinate the two? > > From: Public [mailto:public-boun...@cabforum.org > <mailto:public-boun...@cabforum.org>] On Behalf Of Ben Wilson via Public > Sent: Wednesday, July 12, 2017 10:24 AM > To: CABFPub <public@cabforum.org <mailto:public@cabforum.org>> >

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Thanks Ben! In the Domain Name definition, I forgot to send you a second sentence: "Fully-Qualified Domain Names and Wildcard Domain Names are Domain Names.” So D. would read: In Section 1.6.1 of the Baseline Requirements, REPLACE the definition for "Domain Name" with the following: A set of