Re: [Trans] Compatibility of name redaction and EV
Rob Stradling <rob.stradling@comodo.com> Tue, 19 August 2014 21:47 UTC
To: Ben Laurie <benl@google.com>, Stephen Kent <kent@bbn.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/9TLLQJT-vbsjgXZBav8y6-QySV0
Cc: "trans@ietf.org" <trans@ietf.org>

On 19/08/14 19:59, Ben Laurie wrote:
> On 19 August 2014 11:36, Stephen Kent <kent@bbn.com> wrote:
<snip>
>> In Section 7.2, there is another reference to EV certs, in the context of
>> wildcard use. In that instance the RFC suggests that the guidelines
>> published in 2009 allowed wildcards, whereas the RFC argued against their
>> use except in one specific location.

I agree that the last sentence of RFC6125 section 7.2 does seem to imply that EV Guidelines v1.2 permits wildcards. This implication is incorrect.

> It would be interesting to know if this is why EV now disallows wildcards.

It isn't. The EV Guidelines have never permitted wildcards. CABForum made that decision all by itself.

EV Guidelines v1.0, published 2007, says "Wildcard certificates are not allowed for EV certificates". v1.2, cited by RFC6125, says the same thing. The current version, v1.4.5, says it twice!

EV Guidelines v1.0 predated the CERTID non-WG (which produced RFC6125) by several years.

--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online