I can do that for the longer names, but that takes time to implement and then 
for support in browsers to develop. I’ll look at our CABF OID tree and figure 
out how to branch out an OID arc for these two (commonName and 
organizationName).

 

From: Carl Wallace [mailto:[email protected]] 
Sent: Thursday, April 13, 2017 10:56 AM
To: CA/Browser Forum Public Discussion List <[email protected]>
Cc: Ben Wilson <[email protected]>
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion

 

Why don't you define new OIDs for the RDNs you want to change the definition 
of?  The spec provides extensibility mechanisms that allow you to do what you 
want without breaking compliant code. 


On Apr 13, 2017, at 12:42 PM, Ben Wilson via Public <[email protected]> wrote:

Any endorsers?

 

From: Public [mailto:[email protected]] On Behalf Of Ben Wilson via Public
Sent: Wednesday, April 12, 2017 9:58 AM
To: Ryan Sleevi <[email protected]>; CA/Browser Forum Public Discussion List <[email protected]>
Cc: Ben Wilson <[email protected]>
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion

 

Thanks Ryan.  I can make that change.

 

From: Ryan Sleevi [mailto:[email protected]] 
Sent: Tuesday, April 11, 2017 2:43 PM
To: CA/Browser Forum Public Discussion List <[email protected]>
Cc: Ben Wilson <[email protected]>
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion

 

No, encoding it as a UTF8String is not valid in the subjectAltName (whose type 
dNSName is defined as IA5String)

 

On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public <[email protected]> wrote:

If the ballot were amended to address only underscore characters (and delete 
outdated content), would there be any endorsers?  See attached.

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678

 

From: Public [mailto:[email protected]] On Behalf Of Peter Bowen via Public
Sent: Tuesday, April 11, 2017 10:23 AM
To: CA/Browser Forum Public Discussion List <[email protected]>
Cc: Peter Bowen <[email protected]>
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion

 

I agree.  There seems to be quite a bit of opposition on the PKIX list to 
extending the length.  It was reasonably pointed out that things that process 
ASN.1 according to the schema will break.

 

However I would point out that this also rolls the other way — adding 
underscore should be safe, as the ASN.1 schema already allows this.

 

On Apr 10, 2017, at 12:33 PM, Ryan Sleevi via Public <[email protected]> wrote:

 

That's an interesting take. I read the same discussions and took quite the 
opposite conclusion.

 

On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public <[email protected]> wrote:

All,

 

I’ve posted the proposal to the PKIX list and haven’t heard sufficient 
opposition on that list, IMHO, that would merit holding up this proposed 
revision to the Baseline Requirements.  I need two endorsers for a ballot.

 

Thanks,

 

Ben   

 

From: Ryan Sleevi [mailto:[email protected]]
Sent: Monday, April 3, 2017 9:59 AM
To: CA/Browser Forum Public Discussion List <[email protected]>
Cc: Ben Wilson <[email protected]>
Subject: Re: [cabfpub] RFC5280-related Ballot - For Discussion

 

For those who want to understand why the IETF rejected this change, the thread 
begins at 
https://mailarchive.ietf.org/arch/msg/pkix/MJwKL1lqRDuEAhqQ1Ydb5eWBSIs/?qid=ace7ed4844045716922706d6a80b0747

 

You can also see https://datatracker.ietf.org/liaison/376/ and the discussion 
at https://www.ietf.org/mail-archive/web/pkix/current/msg02361.html

 

This was reviewed prior to the production of 5280 - that is, it was known at 
the time 5280 was produced, and was decided not to adopt - see 
https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html and 
https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html

 

On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilson via Public <[email protected]> wrote:

Here is a redlined version of sections 7.1.4.2.1 and 7.1.4.2.2 of the Baseline 
Requirements which proposes amendments to the way the Baseline Requirements 
handle the maximum length for subjectAltName, commonName and organizationName 
and also clarifies the use of the underscore character.

 

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678

 


_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
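
The schema constraints this thread argues over, as an added example that is not from any of the posters: a strict check that a dNSName is tagged [2] and carries only IA5 (7-bit) octets, which an underscore passes, and that a commonName or organizationName string respects RFC 5280's upper bound of 64 characters. Function names and the sample encodings are constructed for illustration.

```python
# Added example; helper names are hypothetical, sample encodings are constructed.
UB_NAME = 64          # ub-common-name and ub-organization-name in RFC 5280
DNSNAME_TAG = 0x82    # GeneralName dNSName: context tag [2], primitive (IA5String)
STRING_TAGS = {0x0C: "utf-8", 0x13: "ascii", 0x1E: "utf-16-be"}  # UTF8/Printable/BMP

def read_tlv(der):
    """Split one DER TLV (definite length, short or long form) into (tag, value)."""
    tag, first = der[0], der[1]
    if first < 0x80:
        length, off = first, 2
    else:
        n = first & 0x7F
        length, off = int.from_bytes(der[2:2 + n], "big"), 2 + n
    value = der[off:off + length]
    if len(value) != length:
        raise ValueError("truncated TLV")
    return tag, value

def check_dns_name(der):
    """Return schema problems for one subjectAltName GeneralName entry."""
    tag, value = read_tlv(der)
    problems = []
    if tag != DNSNAME_TAG:
        problems.append(f"tag 0x{tag:02x} is not dNSName [2]")
    if any(b > 0x7F for b in value):
        problems.append("octets above 0x7F are not IA5String")
    return problems

def check_directory_string(der, ub=UB_NAME):
    """Check SIZE (1..ub), counted in characters, for a CN or O attribute value."""
    tag, value = read_tlv(der)
    if tag not in STRING_TAGS:
        return [f"unsupported string tag 0x{tag:02x}"]
    chars = len(value.decode(STRING_TAGS[tag]))
    return [] if 1 <= chars <= ub else [f"{chars} characters violates SIZE (1..{ub})"]

def encode(tag, payload):
    """Build a constructed sample TLV (short-form length only)."""
    assert len(payload) < 0x80
    return bytes([tag, len(payload)]) + payload

# Constructed samples
DNS_UNDERSCORE = encode(0x82, b"_dmarc.example.com")        # underscore is valid IA5
DNS_RAW_UTF8 = encode(0x82, "b\u00fccher.example".encode("utf-8"))
DNS_WRONG_TAG = encode(0x0C, b"example.com")                # UTF8String tag in a SAN
CN_64 = encode(0x0C, b"a" * 64)
CN_65 = encode(0x0C, b"a" * 65)
```

A parser that enforces these bounds accepts `DNS_UNDERSCORE` and `CN_64` and rejects the other three samples, which is the asymmetry between the underscore change and the length change discussed in the thread.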

 

