On Thu, May 18, 2017 at 10:13 AM, Gervase Markham <[email protected]> wrote:
> On 17/05/17 17:40, Ryan Sleevi via Public wrote:
> > As such, it's unclear what the intended outcome of this is. Is it meant
> > to be binding on CAs? If so, we should look to be more explicit.
>
> The intent is to be explicit about what is currently implicit; there was
> a message to this list a while back saying that all methods except IP
> Address were suitable for issuance of wildcards, but that required a
> very close reading of the text, and it seemed to make sense to make it
> explicit.
>
> So yes, it's intended to be normative.

Would you be open to addressing it in a separate ballot, so that we can work through the issues and nuance here (and in relation to authorized domain names and base domain names)?

> > It's also unclear whether the 'intent' of the wildcard certificate was
> > also to encompass the validation of subdomains, or their use in
> > Authorization Domain Names.
>
> At one point in one draft, the phrase covered both.

I see. Was this just a private draft? I'm trying to better understand what has been explored and discussed, to make more productive contributions.

> I think it was Peter who did the analysis; but again, the aim here is to
> make clear existing rules, not to make new rules. If we are failing in
> that, we should change it. If you want to change the rules, that would
> probably be a separate ballot :-)

The fact that you highlighted it requires a very strict reading, but I'm having trouble finding that discussion, suggests that it's reasonable that some folks may see even the 'notes' as introducing new rules. Certainly, we saw a number of CAs feeling that the 'data reuse' was new rules, despite it also being long-standing in the BRs through reading, and what CAs voted on (in Ballot 169).
_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
