<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Also, the hyphens are mainly to help humans to delimit the permanentIdentifier, but I don’t think they can be used for machine-parsing unless you have a rule set that covers all potential combinations for various jurisdictions, etc.  For example, you could have Hewlett-Packard with Corporate Serial Number 123-456-789 located in Port-au-Prince.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Rick Andrews<br><b>Sent:</b> Friday, June 08, 2012 4:13 PM<br><b>To:</b> Jeremy Rowley; management@cabforum.org; public@cabforum.org<br><b>Subject:</b> Re: [cabfpub] Questions about [70] EV Code Signing Identifier<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Jeremy,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>(copying the public list)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I think I 
understand now. There shouldn’t be ambiguity if State is omitted, or if State and/or Org contain hyphens because anyone who needs to parse the permanentIdentifier will do so not by looking for hyphen delimiters, but by checking if State and/or Org are present in the DN and skipping past those matching values from the DN.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I haven’t created any motions yet, so if you wouldn’t mind creating it, I will endorse it. Thanks,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>-Rick<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-IE style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Jeremy Rowley [<a href="mailto:jeremy.rowley@digicert.com">mailto:jeremy.rowley@digicert.com</a>] <br><b>Sent:</b> Friday, June 08, 2012 2:14 PM<br><b>To:</b> Rick Andrews; <a href="mailto:management@cabforum.org">management@cabforum.org</a><br><b>Subject:</b> RE: [cabfpub] Questions about [70] EV Code Signing Identifier<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-IE><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>My opinions are in-line.  
I posted this to the management list since I am unable to post to the public list.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><ol start=1 type=a><li class=MsoNormal style='color:#1F497D;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo3'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:windowtext'>Since the STATE part is “if applicable”, what happens if the STATE is not applicable? Is the permanentIdentifier “CC--REG or DATE”?</span><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><o:p></o:p></span></li></ol><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>STATE is the locality, state, or province as listed in the relevant jurisdiction of incorporation field.  If none of these are listed in the jurisdiction of incorporation field, then it should be either CC-REG or CC-REG-DATE-ORG, depending on the jurisdiction and whether it assigns registration numbers.<o:p></o:p></span></p><ol start=2 type=a><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo3'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>Can a State or Province include a hyphen? 
If so, I would expect it would need to be escaped somehow so as not to be interpreted as a delimiter.<o:p></o:p></span></li></ol><p class=MsoListParagraph style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Right now it may include the identifier – the state/province/locality identifier should match the information in the Jurisdiction of Incorporation State or Province field OR the Jurisdiction of Incorporation Locality field exactly<o:p></o:p></span></p><ol start=3 type=a><li class=MsoNormal style='color:#1F497D;mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo3'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:windowtext'>Same question about Org, except that I know that Orgs can contain hyphens (e.g., “Hewlett-Packard”).</span><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'><o:p></o:p></span></li></ol><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sure<o:p></o:p></span></p><ol start=4 type=a><li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo3'><span style='font-size:10.0pt;font-family:"Calibri","sans-serif"'>We don’t understand the need to allow the CA to truncate so the combination doesn’t exceed 64 characters. That’s the max length of DN components, but this is an extension. If the intent is to ensure that any CA would come up with the same combination for a given organization, this seems to allow for variability that will cause incompatibilities.<o:p></o:p></span></li></ol><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>True – that was included when we were originally looking at DN components and was left inadvertently when the identifier moved to an extension.  
<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’d support a motion to clarify some of these issues if you’d like to make one.  If you’d prefer, I can craft a motion to clarify these issues.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Jeremy<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p></div></div></div></body></html>