Discussion period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

[Corey Bonnell]

Purpose of Ballot

 

The IP Reverse Address Domain Names (“in-addr.arpa” and “ip6.arpa”) are components of the Internet infrastructure and are not intended to include hostnames. As a result, it is undesirable to permit the issuance of publicly trusted TLS certificates containing hostnames under “in-addr.arpa” and “ip6.arpa”. This ballot establishes a sunset on this practice.

 

Motion

 

The following motion has been proposed by Corey Bonnell (DigiCert) and endorsed by Clint Wilson (Apple) and Tobias Josefowitz (Opera).

 

Motion Begins

 

MODIFY the “Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates” (“TLS Baseline Requirements”) based on Version 2.1.7 as specified in the following redline:

 

https://github.com/cabforum/servercert/compare/b6a014d4aee244c019ef6ca41667045cdbfefb81...b249b191249e834aeffb32dc633249ad55658e1a

 

Motion Ends

 

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

 

Discussion (at least 7 days)

 

Start time: 2025-10-23 11:30 UTC

End time: Not before 2025-10-30 11:30 UTC

 

Vote for approval (7 days)

 

Start time: TBD

End time: TBD

 

[Corey Bonnell]

End time: 2025-11-03 17:00 UTC

 

Vote for approval (7 days)

 

Start time: 2025-11-03 17:00 UTC

End time: 2025-11-10 17:00 UTC

 

[Ben Wilson]

Mozilla votes "Yes" for Ballot SC-086v3.

Thanks,

Ben

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com.

[Dustin Hollenback]

Apple votes “Yes” for Ballot SC-086v3.

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/CA%2B1gtaZK6x%3DTkJ-JuK3UBJGCG5dKx-SQG0MJrCoLVvEuLAiPWw%40mail.gmail.com.

[Tim Hollebeek]

DigiCert votes YES on SC-086v3.

 

-Tim

--

[Doug Beattie]

GlobalSign votes Yes on ballot SC-86v3

 

Doug

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Monday, November 3, 2025 11:56 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

 

Purpose of Ballot

--

[蔡家宏(chtsai)]

TWCA votes “Yes” on ballot SC-86v3.

 

 

 

Best Regards

 

蔡家宏 Chya-Hung Tsai

Director

Identification & Certificate Research
Tel: +886-2-2370-8886 ext. 722
Fax: +886-2-2388-6720
Email: cht...@twca.com.tw

10F., No. 85, Yanping South Road,

Taipei 100002, Taiwan(R.O.C.)
https://www.twca.com.tw

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Tuesday, November 4, 2025 12:56 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

 

Purpose of Ballot

--

[Dimitris Zacharopoulos (HARICA)]

HARICA votes "yes" to ballot SC-86v3

--

[Nome Huang]

TrustAsia votes “Yes” on Ballots-SC86v3.

[Pedro FUENTES]

OISTE votes Yes to SC-86v3

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/403000a9-2bd1-49d6-9226-4965af4b6665n%40groups.cabforum.org.

WISeKey SA

Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790

Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland

Stay connected with WISeKey

THIS IS A TRUSTED MAIL: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks

CONFIDENTIALITY: This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender

DISCLAIMER: WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.

[Entschew, Enrico]

D-Trust votes „Yes“ on SC-86v3.

 

Thanks,

Enrico

--

You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com.

[Kateryna Aleksieieva]

Certum votes YES on Ballot SC-86v3

 

Kind regards,

Kateryna Aleksieieva

--

[Adriano Santoni]

Actalis votes “Yes” on Ballots-SC86v3. 

Regards,
   Adriano

--

[Scott Rea]

eMudhra Votes YES on Ballot SC-86v3

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Monday, 3 November 2025 at 9:56 AM
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

Disclaimer: The email and its contents hold confidential information and are intended for the person or entity to which it is addressed. If you are not the intended recipient, please note that any distribution or copying of this email is strictly prohibited as per Company Policy, you are requested to notify the sender and delete the email and associated attachments with it from your system.

[Marco Schambach]

IdenTrust votes “Yes” on SC-86v3

 

Marco S.

TrustID Program Manager

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Monday, November 3, 2025 11:56 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

 

Purpose of Ballot

--

[Tom Zermeno]

SSL.com votes “Yes” on SC-86v3.

 

Thanks,

 

Tom

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Monday, November 3, 2025 10:56 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

 

Purpose of Ballot

--

[大野 文彰]

SECOM Trust Systems votes YES on Ballot SC-86v3.

 

Best regards,

 

ONO Fumiaki / 大野 文彰

(Japanese name order: family name first, in uppercase)

SECOM Trust Systems CO., LTD.

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Tuesday, November 4, 2025 1:56 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

 

Purpose of Ballot

--

[Hogeun Yoo]

NAVER Cloud Trust Services votes "YES" on Ballot SC-86v3.

Thanks,

Hogeun Yoo

-----Original Message-----
From: "'Corey Bonnell' via Server Certificate WG (CA/B Forum)"<server...@groups.cabforum.org>
To: "server...@groups.cabforum.org"<server...@groups.cabforum.org>;
Cc:
Sent: 2025. 11. 4. (화) 01:56 (GMT+09:00)
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

--

You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com.

[Backman, Antti]

Telia votes ‘Yes’ on Ballot SC-86v3

//Antti

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Monday, 3. November 2025 at 18.56
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

--

[Yoshihiko Matsuo]

JPRS votes YES on Ballot SC-86v3.

Yoshihiko Matsuo(JPRS)

> --
> You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.

> To view this discussion visit <https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com?utm_medium=email&utm_source=footer>https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com.

[sde...@godaddy.com]

GoDaddy votes Yes on Ballot SC-86v3.

 

Thanks,

Steven Deitte

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Date: Monday, November 3, 2025 at 11:56 AM
To: server...@groups.cabforum.org <server...@groups.cabforum.org>
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

--

You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com.

[Marco Schambach]

IdenTrust votes “Yes” on SC-86v3:

 

Marco S.

TrustID Program Manager

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Monday, November 3, 2025 11:56 AM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

 

Purpose of Ballot

--

[Wayne Thayer]

Fastly votes Yes on ballot SC-86v3.

- Wayne

--

[Adrian Mueller]

SwissSign votes “Yes” on Ballots-SC86v3. 

 

Best regards
Adrian

 

 

Adrian Michael Mueller

Audit & Compliance Manager

 

+41 43 811 05 97

adrian....@swisssign.com

 

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Monday, November 3, 2025 5:56 PM
To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

 

Purpose of Ballot

--

[Josselin ALLEMANDOU]

 

CERTIGNA votes YES on ballot SC-86v3.

 

 

 

 

---

20 Allée de la Râperie, 59650 Villeneuve-d'Ascq
Maximizing Digital Trust | www.certigna.com | www.dhimyotis.com
LinkedIn | Twitter | YouTube

 

[jun....@cybertrust.co.jp]

Cybertrust Japan votes YES on ballot SC-86v3.

-----Original Message-----
From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>
Sent: Tuesday, November 4, 2025 1:56 AM

To: server...@groups.cabforum.org
Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

--
You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.

To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org <mailto:servercert-w...@groups.cabforum.org> .
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com <https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com?utm_medium=email&utm_source=footer> .

[郭宗閔]

Chunghwa Telecom votes YES on SC-086v3.

 

Best regards,

Chunghwa Telecom Co., Ltd.,

Tsung-Min Kuo

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum) <server...@groups.cabforum.org>

Sent: Tuesday, November 4, 2025 12:56 AM
To: server...@groups.cabforum.org

Subject: [外部郵件][Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

--

You received this message because you are subscribed to the Google Groups "Server Certificate WG (CA/B Forum)" group.

To unsubscribe from this group and stop receiving emails from it, send an email to servercert-w...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/DS0PR14MB6216E7B09679B59D84698B3392C7A%40DS0PR14MB6216.namprd14.prod.outlook.com.

本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任.
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.

[Peter Miškovič]

Disig votes „YES“ on ballot  SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix.

 

Regards

Peter Miskovic

[Ryan Dickson]

Google votes "Yes" for Ballot SC-86v3.

To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/servercert-wg/3ebe4d497c8c46dc9ec7cbac549237b8%40disig.sk.

[Aaron Poulsen]

Amazon Trust Services votes "Yes" to ballot SC-086v3.

[qi_ji...@itrus.com.cn]

iTrusChina votes YES on Ballot SC-86v3.

Regards,

Qi Jianxin

---

qi_ji...@itrus.com.cn

 

From: 'Corey Bonnell' via Server Certificate WG (CA/B Forum)

Date: 2025-11-04 00:56

To: server...@groups.cabforum.org

Subject: [Servercert-wg] Voting period begins: SC-86v3: Sunset the Inclusion of Domain Names with an IP Reverse Zone Suffix

Purpose of Ballot

--

[성지은 Jieun Seong]

MOIS votes "YES" to ballot SC-086 v3.

---

Date: 2025/11/04 01:57:17

From: "'Corey Bonnell' via Server Certificate WG (CA/B Forum)"