Hi Peter, On 19/03/16 16:26, Peter Bowen wrote: > 3) Explicitly allow the commonName in the Subject to contain domain > names encoded using U-labels (meaning a certificate can have > "xn--vernderung-s5a.com” in the SAN and “veränderung.com” in the CN)
Can you explain this one a bit more? It seems to make sense to me that the CN value is always exactly duplicated in the SAN, even if other values are also present. Are you proposing relaxing that requirement? > 4) Allow “_” in FQDNs Domain names may have underscores, but hostnames may not, at least according to: http://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it Are the things we put in certificates hostnames? Given that SSL is for connecting to internet hosts, it would seem to me that they are. Clue me in by explaining what I'm missing. > Does anyone have suggestions of other things that should be > considered for a BR corrections ballot or think any of my suggested > items should be a separate ballot? Looking at https://bugzilla.cabforum.org/buglist.cgi?bug_status=__open__&product=Baseline%20Requirements how about: https://bugzilla.cabforum.org/show_bug.cgi?id=17 https://bugzilla.cabforum.org/show_bug.cgi?id=19 https://bugzilla.cabforum.org/show_bug.cgi?id=28 and perhaps https://bugzilla.cabforum.org/show_bug.cgi?id=2 Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
