On 21/03/16 10:59, Gervase Markham wrote: > Hi Peter, > > On 19/03/16 16:26, Peter Bowen wrote: >> 3) Explicitly allow the commonName in the Subject to contain domain >> names encoded using U-labels (meaning a certificate can have >> "xn--vernderung-s5a.com” in the SAN and “veränderung.com” in the CN) > > Can you explain this one a bit more? It seems to make sense to me that > the CN value is always exactly duplicated in the SAN, even if other > values are also present. Are you proposing relaxing that requirement?
Hi Gerv. This has been common practice for years: See https://crt.sh/?cablint=247 See also this thread from a couple of months ago: https://cabforum.org/pipermail/public/2016-January/006631.html >> 4) Allow “_” in FQDNs > > Domain names may have underscores, but hostnames may not, at least > according to: > http://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it > Are the things we put in certificates hostnames? Given that SSL is for > connecting to internet hosts, it would seem to me that they are. Clue me > in by explaining what I'm missing. "You've entered a special hell. It is dark and scary. You are likely to be eaten by a grue." https://www.mail-archive.com/[email protected]/msg02548.html >> Does anyone have suggestions of other things that should be >> considered for a BR corrections ballot or think any of my suggested >> items should be a separate ballot? > > Looking at > https://bugzilla.cabforum.org/buglist.cgi?bug_status=__open__&product=Baseline%20Requirements > how about: > > https://bugzilla.cabforum.org/show_bug.cgi?id=17 > https://bugzilla.cabforum.org/show_bug.cgi?id=19 > https://bugzilla.cabforum.org/show_bug.cgi?id=28 > and perhaps > https://bugzilla.cabforum.org/show_bug.cgi?id=2 > > Gerv -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
