Jeremy, is it possible to distribute this in a redline or comparison format so 
people can see the changes - Bylaw 2.3 says the following: “If the Draft 
Guideline Ballot is proposing a Final Maintenance Guideline, such ballot will 
include a redline or comparison showing the set of changes from the Final 
Guideline section(s) intended to become a Final Maintenance Guideline ***”.

From: Public [mailto:[email protected]] On Behalf Of Jeremy Rowley 
via Public
Sent: Wednesday, October 4, 2017 1:39 PM
To: CA/Browser Forum Public Discussion List <[email protected]>
Subject: [EXTERNAL][cabfpub] Ballot 184 - SRVnames


Probably time to finish this ballot off.  This is the last version I have, 
slightly modified to remove the 822 and other language.  Thoughts?

Ballot 184 - SRVNames

Amend Section 7.1.4.2.1 as follows:

7.1.4.2.1. Subject Alternative Name Extension

Certificate Field: extensions:subjectAltName

Required/Optional: Required

Contents: This extension MUST contain at least one entry where each included 
entry is one of the following:



7.1.4.2.1.1. dNSName

The subjectAltName extension MAY include one or more dNSName entries provided 
each entry is either a Fully‐Qualified Domain Name or a Wildcard Domain Name. 
The CA MUST confirm the Applicant’s ownership or control over each 
Fully-Qualified Domain Name and Wildcard Domain Name entry in accordance with 
Section 3.2.2.4. Except where the entry is an Internal Name with onion as the 
right‐most label in an entry in the subjectAltName Extension or commonName 
field in accordance with Appendix F of the EV Guidelines, CAs MUST NOT include 
an Internal Name in a dNSName entry.



7.1.4.2.1.2. iPAddress

The subjectAltName MAY include one or more iPAddress entries provided the CA 
has confirmed the Applicant’s ownership or control over each IP address entry 
in accordance with Section 3.2.2.5. CAs MUST NOT include any entry that is a 
Reserved IP Address.



7.1.4.2.1.4. otherName with SRVName { 1.3.6.1.5.5.7.0.18.8.7 } type-id

The subjectAltName MAY include one or more SRVNames (as defined in RFC4986) as 
an otherName entry with the SRVName type-id. The CA MUST verify the name 
portion of the entry in accordance with Section 3.2.2.4.  A CA MUST NOT include 
a Wildcard Domain Name in any SRVName entry. If a Technically Constrained 
Subordinate CA Certificate includes a dNSName constraint but does not have a 
technical constraint for SRVNames, the CA MUST NOT issue certificates 
containing SRVNames from the Technically Constrained Subordinate CA 
Certificate. The CA MUST include permitted name subtrees and MAY include 
excluded name subtrees in all Technically Constrained Subordinate CA 
Certificates that include a technical constraint for SRVNames.

_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
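
The SRVName rules in the proposed section 7.1.4.2.1.4 above, as an added example that is not part of the original message or the ballot: a Python pre-issuance lint over a constructed model of a Technically Constrained Subordinate CA. The class and function names are hypothetical, the domains are constructed, and the `_service.name` entry form is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class SrvConstraint:              # hypothetical model of an SRVName name constraint
    permitted: List[str]
    excluded: List[str]

@dataclass
class ConstrainedSubCA:           # hypothetical model of the issuing sub-CA
    has_dns_constraint: bool
    srv: Optional[SrvConstraint] = None

def name_portion(srv_name: str) -> str:
    """Return the domain part of '_service.name' (assumed entry form).
    This is the part the CA validates under Section 3.2.2.4."""
    service, _, name = srv_name.partition(".")
    if not service.startswith("_") or len(service) < 2 or not name:
        raise ValueError(f"not in _service.name form: {srv_name!r}")
    return name

def lint_issuer(ca: ConstrainedSubCA) -> List[str]:
    """A sub-CA constrained for SRVNames must carry permitted subtrees."""
    if ca.srv is not None and not ca.srv.permitted:
        return ["SRVName constraint lacks permitted name subtrees"]
    return []

def lint_issuance(ca: ConstrainedSubCA, srv_names: List[str]) -> List[str]:
    """Check the SRVName entries requested for one certificate."""
    findings = lint_issuer(ca)
    # dNSName constraint without an SRVName constraint: no SRVNames at all.
    if srv_names and ca.has_dns_constraint and ca.srv is None:
        findings.append("issuer has a dNSName constraint but no SRVName constraint")
    for entry in srv_names:
        try:
            name = name_portion(entry)
        except ValueError as exc:
            findings.append(str(exc))
            continue
        # A Wildcard Domain Name must not appear in any SRVName entry.
        if "*" in name.split("."):
            findings.append(f"wildcard in SRVName entry: {entry}")
    return findings

if __name__ == "__main__":
    dns_only = ConstrainedSubCA(has_dns_constraint=True)   # constructed sample
    print(lint_issuance(dns_only, ["_imaps.mail.example.com"]))
```

The lint covers only the three MUST/MUST NOT rules in the proposed text; it does not perform the Section 3.2.2.4 validation itself or match entries against the permitted subtrees.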
