Update draft-ietf-acme-subdomains.md

#30
upros · Nov 25, 2022 · 50f29bd · 50f29bd
1 parent 068ff7a
commit 50f29bd
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/draft-ietf-acme-subdomains.md b/draft-ietf-acme-subdomains.md
@@ -82,15 +82,6 @@ The following terms are defined in DNS Terminology {{!RFC8499}} and are reproduc
 
 - Domain Name: An ordered list of one or more labels.
 
-- Subdomain: "A domain is a subdomain of another domain if it is
-      contained within that domain.  This relationship can be tested by
-      seeing if the subdomain's name ends with the containing domain's
-      name."  (Quoted from {{Section 3.1 of ?RFC1034}}.) For example, in the
-      host name "nnn.mmm.example.com", both "mmm.example.com" and
-      "nnn.mmm.example.com" are subdomains of "example.com".  Note that
-      the comparisons here are done on whole labels; that is,
-      "ooo.example.com" is not a subdomain of "oo.example.com".
-
 - Fully-Qualified Domain Name (FQDN):  This is often just a clear way
       of saying the same thing as "domain name of a node", as outlined
       above.  However, the term is ambiguous.  Strictly speaking, a
@@ -102,6 +93,19 @@ The following terms are defined in DNS Terminology {{!RFC8499}} and are reproduc
       called "fully qualified".  This term first appeared in {{?RFC0819}}.
       In this document, names are often written relative to the root.
 
+The following definition for "subdomain" is taken from DNS Terminology {{!RFC8499}} and reproduced here, however the definition is ambiguous and is further clarified below:
+
+- Subdomain: "A domain is a subdomain of another domain if it is
+      contained within that domain.  This relationship can be tested by
+      seeing if the subdomain's name ends with the containing domain's
+      name."  (Quoted from {{Section 3.1 of ?RFC1034}}.) For example, in the
+      host name "nnn.mmm.example.com", both "mmm.example.com" and
+      "nnn.mmm.example.com" are subdomains of "example.com".  Note that
+      the comparisons here are done on whole labels; that is,
+      "ooo.example.com" is not a subdomain of "oo.example.com".
+
+The definition is ambiguous as it appears to allow a subdomain to include the given domain. That is, "mmm.example.com" ends with "mmm.example.com" and thus is a subdomain of itself. This document interprets the first sentence of the above definition as meaning "A domain is a subdomain of a different domain if it is contained within that different domain.". A domain cannot be a subdomain of itself. For example,  "mmm.example.com" is not a subdomain of "mmm.example.com".
+
 The following additional terms are used in this document:
 
 - Certification Authority (CA): An organization that is responsible for the creation, issuance, revocation, and management of Certificates. The term applies equally to both Root CAs and Subordinate CAs. Refer to {{?RFC5280}} for detailed information on Certification Authorities.