[cabfpub] Pre-Ballot: Underscore Characters in SANs

Ben Wilson ben.wilson at digicert.com
Thu Apr 20 10:07:19 MST 2017


All,

 

I'm looking for two endorsers for a proposed amendment to section 7.1.4.2.1
of the Baseline Requirements--to be modified to allow the underscore
character ("_") in SANs and to remove the sunset language in that section
related to internal names and reserved IP addresses.  The revised section
7.1.4.2.1 would read as follows:

 

7.1.4.2.1.             Subject Alternative Name Extension

Certificate Field: extensions:subjectAltName

Required/Optional:  Required

Contents:  This extension MUST contain at least one entry.  Each entry MUST
be either a dNSName containing the Fully-Qualified Domain Name or an
iPAddress containing the IP address of a server.  The CA MUST confirm that
the Applicant controls the Fully-Qualified Domain Name or IP address or has
been granted the right to use it by the Domain Name Registrant or IP address
assignee, as appropriate.

Wildcard FQDNs and underscores in FQDNs (encoded as IA5 strings) are
permitted.  

CAs SHALL NOT issue a certificate with a subjectAlternativeName extension or
Subject commonName field containing a Reserved IP Address or Internal Name.


 

Thanks,

Ben

 

Ben Wilson, JD, CISA, CISSP

VP Compliance

+1 801 701 9678



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170420/af5f88e4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6100 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170420/af5f88e4/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4974 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20170420/af5f88e4/attachment-0001.bin>


More information about the Public mailing list