<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Bill, <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I think the additions are great. Jeremy and Gerv, does this address your concerns as well? Are either of you willing to endorse at this point?<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>-Rich<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> William Madell [mailto:bill.madell@trustis.com] <br><b>Sent:</b> Wednesday, August 01, 2012 7:05 AM<br><b>To:</b> jeremy.rowley@digicert.com; richard.smith@comodo.com; 'Erwann Abalea'; public@cabforum.org<br><b>Subject:</b> RE: [cabfpub] ISO 3166-1 country codes<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>Rich,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>I understand your point on solely moving things into individual CP/CPS – depending on how it’s done, it could be problematic. It does, however, seem to be the logical place for Relying Parties to look when confronted with an unknown/unfamiliar value within a certificate. I figure the approach should use your wording to <i>define</i> the temporary use of XK in Appendix D of the BRs, but also mandate CAs using XK in their certificates <i>provide</i> the BR definition within their own CP/CPS – to make the explanation more readily/easily available to the Relying Parties. I’d wager that a RP would look first to the CP/CPS before consulting the BRs – or ISO 3166-1, for that matter. <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>Have a look at this version of the motion. It includes the Digicert amendment along with amendments of my own (using Kirk’s suggested +/- method):<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>-------------<o:p></o:p></span></p><p class=MsoNormal><b><span style='color:#1F497D'>Appendix D - Country-Specific Interpretative Guidelines (Normative)<o:p></o:p></span></b></p><p class=MsoNormal><u><span style='color:#1F497D'>Republic of Kosovo</span></u><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Until the Republic of Kosovo is assigned an official ISO 3166-1 designation, CAs operating in jurisdictions that recognize the Republic of Kosovo MAY, at their discretion, use either (i) the country code RS for Serbia, or (ii) in line with the European Commission (see <a href="http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/Glossary:Country_codes">http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/Glossary:Country_codes</a>) as well as certain other governments and organizations, use the country code XK* for the Republic of Kosovo. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>[+ CAs using (ii) MUST include the relevant guidance provided in this Appendix within their own Certificate Policy or Certification Practice Statement in order to provide Relying Parties adequate information regarding the use of the XK designation. +]<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>If an official ISO 3166-1 designation is assigned, then all CAs MUST [+ cease using XK and adopt the +] use [+ of +] the official ISO 3166-1 designation for the Republic of Kosovo. [+ At the time an official ISO 3166-1 designation is assigned, valid certificates containing the country code XK MUST cease to be used and replaced with certificates containing the Republic of Kosovo’s official ISO 3166-1 designation. +] <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>* XA-XZ are designated as user-defined in ISO 3166-1 and generally SHOULD NOT be used in trusted certificates, however this situation represents a temporary exception given the unique diplomatic situation surrounding the declaration of independence of the Republic of Kosovo. It is anticipated that as the situation resolves itself, Kosovo will either be [- given it's -] [+ assigned its +]own official ISO 3166-1 designation, or it will return to using solely the designation assigned to Serbia.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>-------------<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>(one other passing thought – do we need to explicitly state “ISO 3166-1 alpha-2” or is “ISO 3166-1” sufficient?)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>So, the above should give us ‘centralised’ governance of the use of XK via the BRs (which is what you want) as well as providing its defined usage to Relying Parties (which is what Eddy wants) via the CP/CPS.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>If you’re happy with the above motion, I’m happy to endorse it.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>Regards,<br>Bill<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Jeremy Rowley [<a href="mailto:jeremy.rowley@digicert.com">mailto:jeremy.rowley@digicert.com</a>] <br><b>Sent:</b> 31 July 2012 23:29<br><b>To:</b> <a href="mailto:richard.smith@comodo.com">richard.smith@comodo.com</a>; 'William Madell'; 'Erwann Abalea'; <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> RE: [cabfpub] ISO 3166-1 country codes<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>We’ll adopt if you amend the proposal to clarify that this provision only applies until Kosovo is assigned its own ISO designation. Something like:<o:p></o:p></span></p><p class=MsoNormal><b><span style='color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span style='color:#1F497D'>Appendix D - Country-Specific Interpretative Guidelines (Normative)<o:p></o:p></span></b></p><p class=MsoNormal><u><span style='color:#1F497D'>Republic of Kosovo</span></u><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Until the Republic of Kosovo is assigned an official ISO 3166-1 designation, CAs operating in jurisdictions that recognize the Republic of Kosovo MAY, at their discretion, use either (i) the country code RS for Serbia, or (ii) in line with the European Commission (see <a href="http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/Glossary:Country_codes">http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/Glossary:Country_codes</a>) as well as certain other governments and organizations, use the country code XK* for the Republic of Kosovo. If an official ISO 3166-1 designation is assigned, then all CAs MUST use the official ISO 3166-1 designation for the Republic of Kosovo.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>* XA-XZ are designated as user-defined in ISO 3166-1 and generally SHOULD NOT be used in trusted certificates, however this situation represents a temporary exception given the unique diplomatic situation surrounding the declaration of independence of the Republic of Kosovo. It is anticipated that as the situation resolves itself, Kosovo will either be given it's own official ISO 3166-1 designation, or it will return to using solely the designation assigned to Serbia.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> <a href="mailto:[mailto:public-bounces@cabforum.org]">[mailto:public-bounces@cabforum.org]</a> <b>On Behalf Of </b>Rich Smith<br><b>Sent:</b> Tuesday, July 31, 2012 8:30 AM<br><b>To:</b> 'William Madell'; 'Erwann Abalea'; <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> Re: [cabfpub] ISO 3166-1 country codes<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>I am looking for 2 endorsers for the following motion to amend the BRs:<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Rich Smith made the following motion and ___ and ____ endorsed it.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Add to the Baseline Requirements:<o:p></o:p></span></p><p class=MsoNormal><a name="_Toc322640038"></a><b><span style='color:#1F497D'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span style='color:#1F497D'>Appendix D - Country-Specific Interpretative Guidelines (Normative)<o:p></o:p></span></b></p><p class=MsoNormal><u><span style='color:#1F497D'>Republic of Kosovo</span></u><span style='color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>CAs operating in jurisdictions which have extended diplomatic recognition to the Republic of Kosovo MAY, at their discretion, use EITHER the country code RS for Serbia, OR in line with the European Commission (see <a href="http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/Glossary:Country_codes">http://epp.eurostat.ec.europa.eu/statistics_explained/index.php/Glossary:Country_codes</a>) as well as certain other governments and organizations, use the country code XK* for the Republic of Kosovo.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>* XA-XZ are designated as user-defined in ISO 3166-1 and generally SHOULD NOT be used in trusted certificates, however this situation represents a temporary exception given the unique diplomatic situation surrounding the declaration of independence of the Republic of Kosovo. It is anticipated that as the situation resolves itself, Kosovo will either be given it's own official ISO 3166-1 designation, or it will return to using solely the designation assigned to Serbia.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> <a href="mailto:[mailto:public-bounces@cabforum.org]">[mailto:public-bounces@cabforum.org]</a> <b>On Behalf Of </b>William Madell<br><b>Sent:</b> Tuesday, July 31, 2012 6:17 AM<br><b>To:</b> 'Erwann Abalea'; <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> Re: [cabfpub] ISO 3166-1 country codes<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>Agreed – the CABF can decide to use ‘XK’ as its user-assigned country code for Kosovo within the context of the BRs (perhaps, also in the context of EV?). <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>As Erwann recommends, the CABF should publicly document that decision – I suggest as either an erratum or appendix to the BRs.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'>Bill<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> <a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Erwann Abalea<br><b>Sent:</b> 31 July 2012 10:46<br><b>To:</b> <a href="mailto:public@cabforum.org">public@cabforum.org</a><br><b>Subject:</b> Re: [cabfpub] ISO 3166-1 country codes<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div><p class=MsoNormal style='margin-bottom:12.0pt'><span lang=EN-GB>Nice question.<br><br>XK being one of the "user-assigned code elements", it can therefore be freely used wherever you want, and it won't be used in any update of the standard.<br><a href="http://www.iso.org/iso/home/standards/country_codes/special-code-elements-iso-3166.htm#Reserved-code-elements">http://www.iso.org/iso/home/standards/country_codes/special-code-elements-iso-3166.htm#Reserved-code-elements</a> is pretty clear on the purpose and limits of the user-assigned codes.<br>Faced with such a request, I'd also tend to approve it, publicly document the use of "XK" code to designate "Kosovo", and notify the ISO-3166/MA of the use of this code.<br><br>EU hasn't recognized Kosovo as an independant nation, it's strange that XK is used by the EC.<o:p></o:p></span></p><pre><span lang=EN-GB>-- <o:p></o:p></span></pre><pre><span lang=EN-GB>Erwann ABALEA<o:p></o:p></span></pre><pre><span lang=EN-GB><o:p> </o:p></span></pre><p class=MsoNormal><span lang=EN-GB>Le 30/07/2012 22:39, Rich Smith a écrit :<o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span lang=EN-GB>I've come across an edge case that I'd like to get some discussion on.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>We have received a request for a customer in Kosovo, which the two jurisdictions to which we are subject (US and UK) recognize as a sovereign country. However because there is still some wrangling going on in the UN, Kosovo does not at this time have an official ISO 3166 country code.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>I came across some information that the European Commission, Switzerland, and the Deutsche Bundesbank among others are temporarily using XK as a designator for Kosovo. Any thought as to whether or not doing the same in a certificate would be in compliance with Section 9.2.5 of the BRs?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>9.2.5 Subject Country Name Field<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Certificate Field: subject:countryName (OID: 2.5.4.6)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Required/Optional: Optional<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Contents: If the subject:countryName field is present, then the CA SHALL verify the country associated with the Subject in accordance with Section 11.2.5 and use its two-letter ISO 3166-1 country code.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB>Since XK is set aside by the ISO as user assigned, I tend to lean toward allowing it, but I also think that we should probably decide as a group so that we all (at least all in jurisdictions which recognize Kosovo) treat Kosovo in a uniform fashion. Thoughts?<o:p></o:p></span></p></blockquote></div></div></div></body></html>