Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
0 likes559 views
The document outlines the CA/Browser Forum's phases of deprecating and revoking certificates for internal domain names, including commonly used TLDs like .local and .private. It began in 2009 by proposing to expand reserved names, launched a public review of requirements in 2011, made the requirements effective in 2012 by requiring CAs to notify customers of the change, and set revocation dates between 2015-2016. It also discusses the forum's rules for certificates containing new gTLDs once they are approved.
Addressing non-FQDNs and new gTLDs in SSL Baseline Requirements
- 2. May 2009 - ICANN should consider expanding reserved names of RFC 2606 to include commonly used internal TLDs, such as .internal, .local, .private, .corp, .home May 2011 CABF announces public review of Baseline Requirements with plan to sunset internal names July 2012 Baseline Requirements effective CA must notify customers that non-FQDNs deprecated Nov. 1, 2015 No Issuance of Certificates with non-FQDNs October 1, 2016 - All Internal Name Certificates revoked February 2013 Ballot 96 amends Baseline Requirements
- 3. CA shouldnt issue certificate with proposed gTLD CA must warn applicant that certificates with applied-for gTLD will be revoked when approved 30 days to review existing certificates and cease issuing certificates containing new gTLD 120 days to revoke certificate containing new gTLD Unless Applicant entitled to use domain under new gTLD
- 4. https://www.cabforum.org/GuidanceDeprecated-Internal-Names.pdf Ben Wilson, CA/Browser Forum www.cabforum.org