On Monday, November 12, 2018 at 3:19:17 PM UTC-8, Wayne Thayer wrote: > As you may be aware, the CA/Browser Forum recently passed ballot SC12 [1] > creating a sunset period for TLS certificates containing an underscore > ("_") character in the SAN. This practice was widespread until a year ago > when it was pointed out that underscore characters are not permitted in > dNSName name forms, and ballot 202 was proposed to create an exception to > RFC 5280 that would allow the practice to continue. When that ballot > failed, some CAs stopped allowing underscore characters in SANs and others > continued. Ballot SC12 is intended to resolve this inconsistency and > provide clear guidance to auditors. > > The sunset period defined by ballot SC12 is very short. Today Mozilla sent > an email to all CAs in our program informing them of this change and asking > them to take any steps necessary to comply [2]. > > - Wayne > > [1] > https://cabforum.org/2018/11/12/ballot-sc-12-sunset-of-underscores-in-dnsnames/ > [2] > https://wiki.mozilla.org/CA/Communications#November_2018_CA_Communication_.28Underscores_in_dNSNames.29
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy