> On Tue, Dec 18, 2018 at 8:19 AM Jakob Bohm via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > > On 10/12/2018 18:09, Ryan Sleevi wrote: > > > On Mon, Dec 10, 2018 at 6:16 AM Buschart, Rufus via > > > dev-security-policy < dev-security-policy@lists.mozilla.org> wrote: > > > > > >> Hello! > > >> > > >> It would be helpful, if the CA/B or Mozilla could publish a > > >> document on its web pages to which we can redirect our customers, > > >> if they have technical questions about this underscore issue. Right > > >> now, I can only > > tell > > >> them, that they are forbidden because the ballot to explicitly > > >> allow > > them > > >> failed, but not really why. Especially since the first result in > > >> Google > > for > > >> "underscore domain name" is a StackOverflow article ( > > >> https://stackoverflow.com/a/2183140/1426535) stating that it is > > >> technically perfectly okay and also RFC 5280 says "These characters > > >> [underscore and at-sign] often appear in Internet addresses. Such > > >> addresses MUST be encoded using an ASN.1 type that supports them." > > >> > > > > > > There's definitely been a lot of back and forth on this topic. It's > > unclear > > > if you're looking for a clearer statement about why they're > > > forbidden or where they're forbidden. > > > > > > > It is clear that Rufus is looking for a link to the deprecation > > ballot, rather than the old (failed) non-deprecation ballot. > > > > Thanks for sharing your interpretation. I don't think that is an accurate > summary, but it's useful to understand your perspective and > how you interpret things. >
Thank you very much for the good and constructive discussion that followed my question. The main problem I had with this underscore issue is, that the first hit at Google links to a SO article (https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it/2183140#2183140) which is a little bit misleading, if not being red with a lot of care. But based on this discussion and the statement of Wayne I think everything is clear now. Thank you once again! /Rufus _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy