Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Hi Peter The definitions looks good to me as well. I assume you still will replace the FQDN term with “Domain Name” as in the original ballot text? I would like to read a complete updated ballot text to ensure that my concerns are addressed, but this will be standard procedure for a ballot.

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Bonjour, Right now, I’m not convinced by the proposed definition, because in that registry, at least 192.0.0.9/32 is listed as « Globally Reachable: True », so could be considered as non-Internal IP address by our definition and be present in a certificate, but in fact this IP address is used

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Bonjour, Having carefully read the definitions, I’m fine with them. The only « invention » is the X-label (and of course the « Conforming xxx »), and one consequence is that an X-label cannot be an A-label. I.e. a dNSName cannot contain a Domain Name for which one of the labels starts with xn--

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Peter, I also agree, this looks good. Thanks for coming up with a solution! Doug From: Tim Hollebeek [mailto:tholleb...@trustwave.com] Sent: Thursday, July 27, 2017 10:27 AM To: Peter Bowen ; Erwann Abalea ; CA/Browser Forum Public Discussion List

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Looks good. From: Peter Bowen [mailto:p...@amzn.com] Sent: Thursday, July 27, 2017 9:08 AM To: Erwann Abalea ; CA/Browser Forum Public Discussion List ; mads.henriksv...@buypass.no; Doug Beattie ; Tim Hollebeek

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Yup, this seems reasonable. Thanks for doing the legwork to come up with a concrete proposal. -Tim From: Peter Bowen [mailto:p...@amzn.com] Sent: Thursday, July 27, 2017 8:23 AM To: Tim Hollebeek ; Erwann Abalea Cc: CA/Browser Forum

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Erwann, Mads, Doug, and Tim, I appreciate the feedback on the terminology. You have all pointed out similar concerns, namely that Domain Name, FQDN, Domain Label, etc all have existing well known meanings and trying to overload them only confuses things and may have unintended consequences.

Re: [cabfpub] Ballot 202 - Underscore and Wildcard Characters

Tim and Erwann, I agree with Tim. I think the IP Address situation is similar to Internal Domain Names. We know what is _not_ global pretty well, so we have a definition for Internal Name and explicitly say you cannot have those in certificates. On the IP Address side, the current language

[cabfpub] 回复：Unicode

Hi All, Thanks for the attention and work on our concerns. We are deeply sorry for the fact that we have planned to issue certificates with Chinese Domain Names but not one certificate of this kind has been issued, and this is also why we failed to notice and raise our concerns during the