Ballot SC48 v2 was adopted, eliminating inaccuracies in the encoding of the domain name and IP address

The CA/B Forum team decided to clarify the rules for encoding domain names and IP addresses. Following discussion and voting, Ballot SC48 v2 was adopted by a majority vote.

Major changes related to SC48v2:

• Avoiding U-labels in CN (U-label is the Unicode representation of an internationalised domain name).
• Rejection of reserved LDH labels that are not XN labels.
• All XN labels must contain valid Punycode.
• More clarity on reserved IP addresses.

Reserved IP addresses are now defined as "IPv4 or IPv6 addresses that are contained in the address block of any entry in any of the following IANA registries [registries here]". The CA should not issue certificates containing internal names or reserved IP addresses. The iPAddress record must not contain a reserved IP address.

You can find the rest of the changes at the following link: https://github.com/cabforum/servercert/pull/285/files.

Subscribe to our updates to stay up to date with the latest news from the world of SSL!