<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hello,<br>
<br>
If the CABForum wants to take the lead and define rules, it may
have to deal with politics.<br>
I don't see how an entity unable to obtain an EV certificate can
define which country can be considered sovereign and assign it an
ISO3166 country code, except for nomenclature only.<br>
<br>
If an appendix is to be added to BR, we'll have to take decisions
on "countries" listed in
<a
href="http://en.wikipedia.org/wiki/List_of_states_with_limited_recognition">http://en.wikipedia.org/wiki/List_of_states_with_limited_recognition</a>,
and maybe extend it to reserved ISO3166 country codes such as
"EU", "UK", "FX", ...<br>
The problem can quickly become complex, and adding another
transnational layer won't simplify it, if we can even reach
consensus (for example, on Kosovo, Spain doesn't recognize it as a
sovereign state). If the consensus finally is "do it your way",
then OK, we don't have to agree on politics but only on a common
nomenclature.<br>
<br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
On 31/07/2012 22:26, Rich Smith wrote:<br>
</div>
<blockquote
cite="mid:038001cd6f5a$cf23c4a0$6d6b4de0$@smith@comodo.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Bill,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">I'm certainly
willing to go the CPS route to get this done, but I think
that only exacerbates the one legitimate concern which has
been raised, namely that of relying parties being able to
identify which country it represents. I think my approach
of adding as an Appendix to the BR and creating a standard,
documented usage across the industry is a much better
approach. Better that the CA/B Forum acts as the user doing
the defining, rather than each CA on its own coming up with
a bunch of different solutions.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Eddy,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">The politics
involved don't concern me, and shouldn't concern us as a
Forum, except that ISO 3166 takes its lead from the UN so
until the UN makes a final decision, 3166 doesn't get
updated. A UN decision on this or anything else like it
could take years (it's already been 4) or never come. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">In the
meantime, at least for those of us in a jurisdiction that
recognizes the Republic of Kosovo, we live in a world where
there is in point of fact a country called the Republic of
Kosovo, as per the laws of the jurisdiction to which we are
subject. ISO 3166 does in fact have a mechanism by which
we can deal with the situation. I fully agree, let's leave
the politics out of it, and simply use the standard as it
exists to create a solution which works for our industry,
publish what that mechanism is and go on about our
business. I think my proposal does exactly that and it's
neutral as far as which side of the fence a particular CA's
jurisdiction falls into with regards to the politics
involved.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">As far as other
regions which may be in similar situations, fine. We can
deal with them in similar fashion if and when they present
themselves. I think by adding the user defined codes into
the standard, ISO acknowledged that by tying the standard to
the UN, there may arise situations in the real world with
which they can't keep up so the standard allows those of us
who have to live in the real world to use those reserved
codes to fill in the gaps. Let's get the job done that they
can't do at the moment.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">As Bill has
pointed out, I can use that mechanism to define my own
solution, and if the consensus of the Forum is that I should
do that, fine, I'll get it done, but IMO it is short-sighted
and prone to far more errors and relying party confusion to
have every CA making their own policies on this than to have
the Forum make a sensible policy for the industry. That
policy should take the real world situation into account and
not worry about the 'politics' of it.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-Rich<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in
0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
William Madell [<a class="moz-txt-link-freetext" href="mailto:bill.madell@trustis.com">mailto:bill.madell@trustis.com</a>] <br>
<b>Sent:</b> Tuesday, July 31, 2012 3:09 PM<br>
<b>To:</b> 'Eddy Nigg (StartCom Ltd.)';
<a class="moz-txt-link-abbreviated" href="mailto:richard.smith@comodo.com">richard.smith@comodo.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> RE: [cabfpub] ISO 3166-1 country codes<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">Rich
– <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">I
think Eddy’s got a point regarding the public
meaningfulness of an arbitrary/unofficial country code. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">Section
9.2.5 mandates the use of a defined – therefore,
meaningful – code for the countryName attribute. The
X.520 rules say an ISO 3166-1/3 alpha-2 code is used. ISO
3166/MA says, “here’s a bunch of unassigned alpha-2 codes
that can be user-defined.” So, maybe the answer is to
define it within the Certificate Policy under which the
cert is issued?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">Perhaps,
we could expand sec. 9.2.5 to allow that approach; it
might look like this:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">---------------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">Contents:
If the subject:countryName field is present, then the CA
SHALL verify the country associated with the Subject in
accordance with Section 11.2.5 and use its two-letter ISO
3166-1 country code. If a country is not assigned a
two-letter ISO 3166-1 country code, a CA MAY utilise a
user-assigned code. If the CA utilises a user-assigned
code, the CA MUST define the country identified by the
code in its Certificate Policy or Certification Practice
Statement.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">---------------
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB">The
alternative, of course, is to issue a certificate to a
Kosovo entity which does NOT contain a countryName
attribute (which, if I read it correctly, also means the
certificate must not contain an organization attribute).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><br>
Regards,<br>
Bill<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-GB"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a>
[<a moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Eddy Nigg (StartCom Ltd.)<br>
<b>Sent:</b> 31 July 2012 17:15<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Subject:</b> Re: [cabfpub] ISO 3166-1 country codes<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-GB"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB">Hi Rich,<br>
<br>
On 07/30/2012 11:39 PM, From Rich Smith: <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"" lang="EN-GB">Since XK is
set aside by the ISO as user assigned, I tend to lean
toward allowing it, but I also think that we should
probably decide as a group so that we all (at least all in
jurisdictions which recognize Kosovo) treat Kosovo in a
uniform fashion. Thoughts?<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"" lang="EN-GB"><br>
I'm not in favor because this code doesn't really say
anything to a relying party (could as well be XX). A code
that hasn't been approved shall not be used because it's
not possible to recognize it.<o:p></o:p></span></p>
<div>
<table class="MsoNormalTable" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td colspan="2" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif"">Regards <o:p></o:p></span></p>
</td>
</tr>
<tr>
<td colspan="2" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif""> <o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif"">Signer: <o:p></o:p></span></p>
</td>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif"">Eddy Nigg,
COO/CTO<o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif""> <o:p></o:p></span></p>
</td>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif""><a
moz-do-not-send="true"
href="http://www.startcom.org">StartCom Ltd.</a><o:p></o:p></span></p>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif"">XMPP: <o:p></o:p></span></p>
</td>
<td style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times
New Roman","serif""><a
moz-do-not-send="true"
href="xmpp:startcom@startcom.org">startcom@startcom.org</a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:"Times New
Roman","serif"" lang="EN-GB"><o:p> </o:p></span></p>
</div>
</div>
</blockquote>
<br>
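<p>Added example (not part of the original thread and not CA/B Forum text): a minimal Python check of the 9.2.5 wording Bill proposes above, classifying a subject's countryName as officially assigned, user-assigned, or neither, and requiring a CP/CPS definition for user-assigned codes such as XK. The function names, the simplified subject-string format, the sample subset of assigned codes and the CPS mapping are assumptions made for illustration.</p>

```python
import re

# User-assigned alpha-2 ranges in ISO 3166-1: AA, QM-QZ, XA-XZ, ZZ.
USER_ASSIGNED = ({"AA", "ZZ"}
                 | {"Q" + c for c in "MNOPQRSTUVWXYZ"}
                 | {"X" + c for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZ"})

# Constructed subset of officially assigned codes; load the full list in practice.
ASSIGNED_SAMPLE = {"DE", "ES", "FR", "GB", "IL", "US"}


def parse_subject(dn):
    """Parse a simple 'C=XK, O=Example' subject string into {type: value}.
    Assumes no escaped commas; real tooling should read the DER-encoded name."""
    attrs = {}
    for part in dn.split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            attrs[key.strip().upper()] = value.strip()
    return attrs


def check_country(dn, cps_defined, assigned=ASSIGNED_SAMPLE):
    """Return a list of findings for the subject's countryName.
    cps_defined maps user-assigned codes to the country the CP/CPS names."""
    attrs = parse_subject(dn)
    code = attrs.get("C")
    findings = []
    if code is None:
        # Bill's reading in the thread: no countryName means no organization either.
        if "O" in attrs:
            findings.append("organization present without countryName")
        return findings
    if not re.fullmatch(r"[A-Z]{2}", code):
        findings.append(f"countryName {code!r} is not an upper-case alpha-2 code")
    elif code in USER_ASSIGNED:
        # Proposed 9.2.5 text: a user-assigned code MUST be defined in the CP/CPS.
        if code not in cps_defined:
            findings.append(f"user-assigned code {code} is not defined in the CP/CPS")
    elif code not in assigned:
        # Covers reserved-but-unassigned codes such as UK, EU and FX.
        findings.append(f"{code} is neither officially assigned nor user-assigned")
    return findings


# Constructed CP/CPS appendix entry, used as sample input.
CPS_APPENDIX = {"XK": "Republic of Kosovo"}
```

<p>An empty list means the subject passes; a relying party can only resolve XK when the issuing CA's CP/CPS (or a shared BR appendix, as Rich proposes) supplies the mapping.</p>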
</body>
</html>