No, encoding it as a UTF8String is not valid in the subjectAltName (whose type dNSName is defined as IA5String).
On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public <[email protected]> wrote:

> If the ballot were amended to address only underscore characters (and delete outdated content), would there be any endorsers? See attached.
>
> *Ben Wilson, JD, CISA, CISSP*
> VP Compliance
> +1 801 701 9678
>
> *From:* Public [mailto:[email protected]] *On Behalf Of *Peter Bowen via Public
> *Sent:* Tuesday, April 11, 2017 10:23 AM
> *To:* CA/Browser Forum Public Discussion List <[email protected]>
> *Cc:* Peter Bowen <[email protected]>
> *Subject:* Re: [cabfpub] RFC5280-related Ballot - For Discussion
>
> I agree. There seems to be quite a bit of opposition on the PKIX list to extending the length. It was reasonably pointed out that things that process ASN.1 according to the schema will break.
>
> However I would point out that this also rolls the other way — adding underscore should be safe, as the ASN.1 schema already allows this.
>
> On Apr 10, 2017, at 12:33 PM, Ryan Sleevi via Public <[email protected]> wrote:
>
> That's an interesting take. I read the same discussions and took quite the opposite conclusion.
>
> On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public <[email protected]> wrote:
>
> All,
>
> I’ve posted the proposal to the PKIX list and haven’t heard sufficient opposition on that list, IMHO, that would merit holding up this proposed revision to the Baseline Requirements. I need two endorsers for a ballot.
>
> Thanks,
>
> Ben
>
> *From:* Ryan Sleevi [mailto:[email protected]]
> *Sent:* Monday, April 3, 2017 9:59 AM
> *To:* CA/Browser Forum Public Discussion List <[email protected]>
> *Cc:* Ben Wilson <[email protected]>
> *Subject:* Re: [cabfpub] RFC5280-related Ballot - For Discussion
>
> For those who want to understand why the IETF rejected this change, the thread begins at
>
> https://mailarchive.ietf.org/arch/msg/pkix/MJwKL1lqRDuEAhqQ1Ydb5eWBSIs/?qid=ace7ed4844045716922706d6a80b0747
>
> You can also see https://datatracker.ietf.org/liaison/376/ and the discussion at https://www.ietf.org/mail-archive/web/pkix/current/msg02361.html
>
> This was reviewed prior to the production of 5280 - that is, it was known at the time 5280 was produced, and was decided not to adopt - see https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html and https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html
>
> On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilson via Public <[email protected]> wrote:
>
> Here is a redlined version of sections 7.1.4.2.1 and 7.1.4.2.2 of the Baseline Requirements which proposes amendments to the way the Baseline Requirements handle the maximum length for subjectAltName, commonName and organizationName and also clarifies the use of the underscore character.
>
> *Ben Wilson, JD, CISA, CISSP*
> VP Compliance
> +1 801 701 9678
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
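
The distinction drawn in this thread, as an added example that is not part of the original messages: a check over a DER-encoded GeneralName that separates an encoding error (non-IA5 octets such as raw UTF-8 in a dNSName) from a character the ASN.1 type already permits (underscore). The function names, finding labels and example.com sample names are assumptions made for the illustration.

```python
# Added illustration, not code from the thread: check the bytes of a DER-encoded
# GeneralName dNSName, which RFC 5280 defines as [2] IMPLICIT IA5String.
DNSNAME_TAG = 0x82  # context-specific class, primitive, tag number 2

def read_tlv(der: bytes):
    """Split one DER TLV (single-byte tag) into (tag, value); reject trailing bytes."""
    if len(der) < 2:
        raise ValueError("truncated TLV")
    tag, first = der[0], der[1]
    if first < 0x80:  # short-form length
        length, offset = first, 2
    else:  # long-form length (the minimal-length rule is not enforced here)
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad length field")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if offset + length != len(der):
        raise ValueError("length does not match data")
    return tag, der[offset:]

def check_dnsname(der: bytes) -> list:
    """Return findings for one GeneralName; an empty list means none."""
    tag, value = read_tlv(der)
    if tag != DNSNAME_TAG:
        return ["not-a-dnsname"]
    findings = []
    if any(b > 0x7F for b in value):
        # Octets outside 7-bit IA5 (e.g. raw UTF-8) violate the ASN.1 type itself.
        findings.append("not-ia5string")
    if b"_" in value:
        # Underscore is a legal IA5String character, so the schema accepts it;
        # whether to allow it is a hostname-syntax policy question.
        findings.append("underscore")
    return findings

def encode_dnsname(raw: bytes) -> bytes:
    """Build a constructed sample (raw must be under 128 bytes): tag, length, octets."""
    return bytes([DNSNAME_TAG, len(raw)]) + raw

# Constructed sample inputs (example.com names, not taken from the thread).
SAMPLES = {
    "plain": encode_dnsname(b"www.example.com"),
    "underscore": encode_dnsname(b"my_host.example.com"),
    "utf8": encode_dnsname("b\u00fccher.example.com".encode("utf-8")),
}

if __name__ == "__main__":
    for name, der in SAMPLES.items():
        print(name, check_dnsname(der))
```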
