Description
As of right now (BRs v2.1.7), the definitions of FQDN and Wildcard Domain Name are as follows:
Fully-Qualified Domain Name: A Domain Name that includes the Domain Labels of all superior nodes in the Internet Domain Name System.
Wildcard Domain Name: A string starting with "*." (U+002A ASTERISK, U+002E FULL STOP) immediately followed by a Fully-Qualified Domain Name.
From these definitions, it is clear that a WDN is not an FQDN; it is a different thing wrapped around an FQDN. Despite both being things which can end up baked into the Subject Alternative Names of a certificate, the Venn diagram between FQDNs and WDNs is the empty set.
However, Section 3.2.2.4 appears to imply that the CA is somehow not required to validate each WDN listed in the Certificate:
The CA SHALL confirm that prior to issuance, the CA has validated each Fully-Qualified Domain Name (FQDN) listed in the Certificate as follows:
And many individual validation methods (subsections of 3.2.2.4) appear to imply that they cannot in fact be used to confirm control over WDNs, even ones that explicitly say that they "are suitable for validating Wildcard Domain Names":
Confirming the Applicant's control over the FQDN by...
It's clear to me that basically all uses of "FQDN" within Section 3.2.2.4 are intended to actually mean "FQDN or Wildcard Domain Name". We should either update 3.2.2.4 to say that, or create a new defined term which encapsulates both kinds of SANs.
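The distinction the issue draws (a WDN is "*." followed by an FQDN, so the two sets are disjoint) is easy to get wrong in certificate linters and CA issuance pipelines. The following is an added example, not code from the issue author or from the Baseline Requirements repository: it classifies each dNSName SAN as an FQDN, a WDN, or neither, and for each WDN reports the FQDN that follows "*.", which is the FQDN the WDN is "wrapped around" in the issue's wording. The LDH label syntax, the 253-octet limit, and the `classify_san`/`fqdns_requiring_validation` names are assumptions of this example; the BRs define FQDN structurally rather than syntactically.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Assumption of this example: a Domain Label is an LDH label (RFC 1034/1035
# style): letters, digits and hyphens, no leading or trailing hyphen,
# 1 to 63 octets. An asterisk is therefore never part of an FQDN label.
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


@dataclass(frozen=True)
class SanClassification:
    san: str
    kind: str                     # "FQDN", "WDN" or "INVALID"
    fqdn_to_validate: Optional[str]  # the FQDN 3.2.2.4 must be applied to


def is_fqdn(name: str) -> bool:
    """BR 'Fully-Qualified Domain Name' as this example interprets it:
    a dotted sequence of valid labels, no wildcard, no trailing root dot."""
    if not name or len(name) > 253 or "*" in name:
        return False
    return all(_LABEL_RE.match(label) for label in name.split("."))


def classify_san(san: str) -> SanClassification:
    """Apply the two BR definitions literally.

    WDN: the string starts with "*." (U+002A, U+002E) and everything after
    that prefix is itself an FQDN. Anything else with an asterisk in it
    (e.g. "*.*.example.com", "foo.*.example.com", "*example.com") is
    neither an FQDN nor a WDN and must not be issued.
    """
    if san.startswith("*."):
        base = san[2:]
        if is_fqdn(base):
            return SanClassification(san, "WDN", base)
        return SanClassification(san, "INVALID", None)
    if is_fqdn(san):
        return SanClassification(san, "FQDN", san)
    return SanClassification(san, "INVALID", None)


def fqdns_requiring_validation(sans: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (sorted FQDNs that need 3.2.2.4 validation, SANs rejected as
    neither FQDN nor WDN). A WDN contributes the FQDN after its "*."."""
    to_validate = set()
    rejected = []
    for san in sans:
        c = classify_san(san)
        if c.kind == "INVALID":
            rejected.append(san)
        else:
            to_validate.add(c.fqdn_to_validate)
    return sorted(to_validate), rejected


if __name__ == "__main__":
    # Constructed sample SAN list for demonstration purposes only.
    sample_sans = [
        "www.example.com",
        "*.example.com",
        "example.com",
        "*.*.example.com",      # not a WDN: what follows "*." is not an FQDN
        "foo.*.example.com",    # not an FQDN (asterisk label) and not a WDN
        "-bad.example.com",     # label starts with a hyphen
    ]
    for san in sample_sans:
        print(classify_san(san))
    print(fqdns_requiring_validation(sample_sans))
```

Note that both "*.example.com" and "example.com" collapse to a single FQDN to validate; that is consistent with the issue's point that the WDN is a wrapper around an FQDN rather than a second, independent FQDN.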