Hi Peter
The definitions looks good to me as well.
I assume you still will replace the FQDN term with “Domain Name” as in the
original ballot text? I would like to read a complete updated ballot text to
ensure that my concerns are addressed, but this will be standard procedure for
a ballot.
Bonjour,
Right now, I’m not convinced by the proposed definition, because in that
registry, at least 192.0.0.9/32 is listed as « Globally Reachable: True », so
could be considered as non-Internal IP address by our definition and be present
in a certificate, but in fact this IP address is used
Bonjour,
Having carefully read the definitions, I’m fine with them.
The only « invention » is the X-label (and of course the « Conforming xxx »),
and one consequence is that an X-label cannot be an A-label. I.e. a dNSName
cannot contain a Domain Name for which one of the labels starts with xn--
Peter,
I also agree, this looks good. Thanks for coming up with a solution!
Doug
From: Tim Hollebeek [mailto:tholleb...@trustwave.com]
Sent: Thursday, July 27, 2017 10:27 AM
To: Peter Bowen ; Erwann Abalea ;
CA/Browser Forum Public Discussion List
Looks good.
From: Peter Bowen [mailto:p...@amzn.com]
Sent: Thursday, July 27, 2017 9:08 AM
To: Erwann Abalea ; CA/Browser Forum Public
Discussion List ; mads.henriksv...@buypass.no; Doug
Beattie ; Tim Hollebeek
Yup, this seems reasonable. Thanks for doing the legwork to come up with a
concrete proposal.
-Tim
From: Peter Bowen [mailto:p...@amzn.com]
Sent: Thursday, July 27, 2017 8:23 AM
To: Tim Hollebeek ; Erwann Abalea
Cc: CA/Browser Forum
Erwann, Mads, Doug, and Tim,
I appreciate the feedback on the terminology. You have all pointed out similar
concerns, namely that Domain Name, FQDN, Domain Label, etc all have existing
well known meanings and trying to overload them only confuses things and may
have unintended consequences.
Tim and Erwann,
I agree with Tim. I think the IP Address situation is similar to Internal
Domain Names. We know what is _not_ global pretty well, so we have a
definition for Internal Name and explicitly say you cannot have those in
certificates.
On the IP Address side, the current language
Hi All,
Thanks for the attention and work on our concerns.
We are deeply sorry for the fact that we have planned to issue certificates
with Chinese Domain Names but not one certificate of this kind has been issued,
and this is also why we failed to notice and raise our concerns during the