All,
I'm looking for two endorsers for a proposed amendment to section 7.1.4.2.1
of the Baseline Requirements--to be modified to allow the underscore
character ("_") in SANs and to remove the sunset language in that section
related to internal names and reserved IP addresses. The revised section
7.1.4.2.1 would read as follows:
7.1.4.2.1. Subject Alternative Name Extension
Certificate Field: extensions:subjectAltName
Required/Optional: Required
Contents: This extension MUST contain at least one entry. Each entry MUST
be either a dNSName containing the Fully-Qualified Domain Name or an
iPAddress containing the IP address of a server. The CA MUST confirm that
the Applicant controls the Fully-Qualified Domain Name or IP address or has
been granted the right to use it by the Domain Name Registrant or IP address
assignee, as appropriate.
Wildcard FQDNs and underscores in FQDNs (encoded as IA5 strings) are
permitted.
CAs SHALL NOT issue a certificate with a subjectAlternativeName extension or
Subject commonName field containing a Reserved IP Address or Internal Name.
Thanks,
Ben
Ben Wilson, JD, CISA, CISSP
VP Compliance
+1 801 701 9678
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
