Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

2017-07-18 Thread Peter Bowen via Public
Thanks to all who provided comments. I’ve integrated the feedback from Kirk, Geoff, and Wayne, including using the definitions that Geoff proposed. BR text that has changed is in red. Additionally we are dropping the proposed change for fully qualified domain name. Ryan and Ben have agreed to th

Re: [cabfpub] [EXTERNAL]Re: Problems with Ballot 202

2017-07-18 Thread Wayne Thayer via Public
Peter – I agree. Adding “starting with” to the new definition is enough to resolve this concern. Thanks, Wayne From: Peter Bowen Date: Tuesday, July 18, 2017 at 7:01 PM To: Wayne Thayer, CA/Browser Forum Public Discussion List Subject: Re: [cabfpub] [EXTERNAL]Re: Problems with Ballot 202 Wa

Re: [cabfpub] [EXTERNAL]Re: Problems with Ballot 202

2017-07-18 Thread Peter Bowen via Public
Wayne, Based on Geoff’s recommendation, Ben, Ryan, and I were going to update the definitions as follows: Domain Label: A label of a domain name, as defined in RFC 5890 section 2.2; for example, the domain name "www.example.com" is composed of three labels: "www", "ex

Re: [cabfpub] [EXTERNAL]Re: Problems with Ballot 202

2017-07-18 Thread Wayne Thayer via Public
Peter, Would you consider adding ‘in the left most Domain Label’ to the definition of Wildcard Domain Name? While the definition of Authorization Domain Name contradicts this, it was pointed out to me that someone unfamiliar with the history might misinterpret the new definition to allow someth

[cabfpub] Ballot 190 - Recording BR Version Number

2017-07-18 Thread Wayne Thayer via Public
Ballot 190 Includes the following statement in 3.2.2.4: The CA SHALL maintain a record of which domain validation method, including relevant BR version number, they used to validate every domain. While I understand the logic behind this, I’m concerned about the “relevant BR version number”. Thi

Re: [cabfpub] [EXTERNAL]Re: Ballot 182/190 revision

2017-07-18 Thread Kirk Hall via Public
Peter, let me just comment on the 4.2.1 language. The new language was added in Ballot 190 to create a permanent rule applicable in the future, not just as a stop-gap for the Ballot 169 / 180-82 situation. Meaning, if any validation method is incrementally improved by a future ballot, it will

[cabfpub] .well-known and re-directs

2017-07-18 Thread Jeremy Rowley via Public
We recently encountered a reoccurring scenario while using .well-known to validate a certificate. The customer is trying to validate basedomain.com using http://basedomain.com/.well-known/pki-validation/[page]. However, the server redirect

Re: [cabfpub] Revocation ballot

2017-07-18 Thread Geoff Keating via Public
> On Jul 18, 2017, at 12:03 AM, Jeremy Rowley wrote: > > Hi Geoff, > > I'm not sure I understand your post. Are you commenting on the proposed > changes or what's currently in the document? From what I read, you'd like to > see the 24 hour rule remain except in the limited circumstance

Re: [cabfpub] Revocation ballot

2017-07-18 Thread Jeremy Rowley via Public
Hi Geoff, I'm not sure I understand your post. Are you commenting on the proposed changes or what's currently in the document? From what I read, you'd like to see the 24 hour rule remain except in the limited circumstances described below? I do think these timeframes are a bit loose.