It was pointed out that the email I sent to CAs stated that the effective date of the ballot (once it completed the IPR review period) will be December 10, **2019**. The year is obviously wrong and contradicts the rest of the message. The correct effective date is December 10, **2018**. All of the relevant compliance dates in the email are correct, so I'm not planning to resend the CA communication.
- Wayne On 11/13/2018 7:18 AM, Wayne Thayer via dev-security-policy wrote: >> > As you may be aware, the CA/Browser Forum recently passed ballot SC12 >> [1] >> > creating a sunset period for TLS certificates containing an underscore >> > ("_") character in the SAN. This practice was widespread until a year >> ago >> > when it was pointed out that underscore characters are not permitted in >> > dNSName name forms, and ballot 202 was proposed to create an exception >> to >> > RFC 5280 that would allow the practice to continue. When that ballot >> > failed, some CAs stopped allowing underscore characters in SANs and >> others >> > continued. Ballot SC12 is intended to resolve this inconsistency and >> > provide clear guidance to auditors. >> > >> > The sunset period defined by ballot SC12 is very short. Today Mozilla >> sent >> > an email to all CAs in our program informing them of this change and >> asking >> > them to take any steps necessary to comply [2]. >> > >> > - Wayne >> > >> > [1] >> > >> https://cabforum.org/2018/11/12/ballot-sc-12-sunset-of-underscores-in-dnsnames/ >> > [2] >> > >> https://wiki.mozilla.org/CA/Communications#November_2018_CA_Communication_.28Underscores_in_dNSNames.29 >> >> _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy