ÃÛÌÒTV

Announcements 11-30-2018

ÃÛÌÒTV pushes underscore extension

Vincent Lynch

Earlier this year, certain browsers in the CA/Browser Forum mandated that underscore certificates be revoked immediately due to new interpretations of the standard that is incorporated by reference into the CA/Browser Forum Baseline Requirements.

This resulted in an ongoing discussion in the CA/Browser Forum over the course of this year: should underscore certificates be immediately revoked?

Last year ÃÛÌÒTV championed a ballot to explicitly allow underscores in certificates (Ballot 202). When that ballot failed, due to votes by the browsers and a couple of CAs, it left the legality of underscores unresolved.

As discussions have been ongoing, ÃÛÌÒTV has maintained its focus on customers and the impact immediate revocation would have. Since our attempt at a permanent approval for underscores failed, we requested an extension to revocation and reached an agreement with the industry.

Ballot SC12, which ÃÛÌÒTV voted for, established the extension that allows existing underscore certificates to remain until January 14, 2019. We voted for this ballot because passing it would allow a migration period for affected customers. Several CAs and browsers voted against this ballot, presumably wanting a shorter migration period. If this ballot had failed, all CAs would have been forced to immediately revoke underscore certificates, with no time allowed for migration.

ÃÛÌÒTV and all other CAs are now required to revoke certificates with underscores to comply with these new industry standards. Note that this applies to all publicly trusted SSL certificates that contain any domain name with an underscore (in the Common Name or SANs). This does not affect other types of certificates, such as code signing, document signing, and so on.
