I am not 100% sure, but I have read that underscores can exist in domain names: https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-an-underscore-in-it
In another thread of this newsgroup, I saw a list of certificates to be revoked because of the underscore issue. And they had underscore domain names in them, either in CN or DNS-Names. So, I wonder, what's the whole forbid-underscore-certificates about? If there are domains out there with underscores, why do you want to exclude them from being able to use TLS?

On Saturday, 22 December 2018 03:46:01 UTC+1, Matt Palmer wrote:
> On Fri, Dec 21, 2018 at 06:14:19PM -0800, Lewis Resmond via
> dev-security-policy wrote:
> > I have read the debate about the underscores and I understand that they
> > were never intended in the RFC.
> > But I wonder, does it now mean that people who have a domain name with
> > underscore will never be able to receive a certificate again?
>
> There are registered domains -- as in, actual eTLD+1 names -- that have
> underscores in them?
>
> - Matt

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

