It was pointed out that the email I sent to CAs stated that the effective
date of the ballot (once it completed the IPR review period) will be
December 10, **2019**. The year is obviously wrong and contradicts the rest
of the message. The correct effective date is December 10, **2018**. All of
the relevant compliance dates in the email are correct, so I'm not planning
to resend the CA communication.

- Wayne

On 11/13/2018 7:18 AM, Wayne Thayer via dev-security-policy wrote:
>> > As you may be aware, the CA/Browser Forum recently passed ballot SC12 [1]
>> > creating a sunset period for TLS certificates containing an underscore
>> > ("_") character in the SAN. This practice was widespread until a year ago
>> > when it was pointed out that underscore characters are not permitted in
>> > dNSName name forms, and ballot 202 was proposed to create an exception to
>> > RFC 5280 that would allow the practice to continue. When that ballot
>> > failed, some CAs stopped allowing underscore characters in SANs and others
>> > continued. Ballot SC12 is intended to resolve this inconsistency and
>> > provide clear guidance to auditors.
>> >
>> > The sunset period defined by ballot SC12 is very short. Today Mozilla sent
>> > an email to all CAs in our program informing them of this change and asking
>> > them to take any steps necessary to comply [2].
>> >
>> > - Wayne
>> >
>> > [1] https://cabforum.org/2018/11/12/ballot-sc-12-sunset-of-underscores-in-dnsnames/
>> > [2] https://wiki.mozilla.org/CA/Communications#November_2018_CA_Communication_.28Underscores_in_dNSNames.29
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
