<html>
<head>
<meta content="text/html; charset=GB2312" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Bonjour Wen-Cheng,<br>
<br>
Le 30/10/2014 18:58, 王文正 a écrit :<br>
</div>
<blockquote
cite="mid:20825998BCB8D84C983674C159E25E753D54C610@mbs6.app.corp.cht.com.tw"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=GB2312">
<style id="owaParaStyle">P {
MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px
}
</style>
<div style="FONT-FAMILY: Times New Roman; DIRECTION: ltr; COLOR:
#000000; FONT-SIZE: 12pt">
<p>Dear Erwann,</p>
<p> </p>
<p>I really don't want to waste mailing list bandwidth to
discuss political issues here. However, there are some
statements you wrote in your last reply need to be corrected.</p>
</div>
</blockquote>
<br>
I don't think it's a waste. CABForum already had to discuss about
country codes for non UN approved countries, such as Kosovo. I see
the present discussion as an extension of this previous one.<br>
<br>
<blockquote
cite="mid:20825998BCB8D84C983674C159E25E753D54C610@mbs6.app.corp.cht.com.tw"
type="cite">
<div style="FONT-FAMILY: Times New Roman; DIRECTION: ltr; COLOR:
#000000; FONT-SIZE: 12pt">
<p>1. Regarding the <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="http://www.oid-info.com/" target="_blank">
www.oid-info.com</a> site, it is clearly stated on its
homepage that 'this OID repository is not an official
registration authority for OIDs'.</p>
</div>
</blockquote>
<br>
That's right. <a class="moz-txt-link-abbreviated" href="http://www.oid-info.com">www.oid-info.com</a> is NOT a registration authority, in
the sense that this site does not allocate OID arcs to entities.<br>
<a class="moz-txt-link-abbreviated" href="http://www.oid-info.com">www.oid-info.com</a> is the OID repository maintained by ITU-T SG17,
which is also the official registration authority of the 2.16 arc.
If you get the X.660 recommendation (freely downloadable from
<a class="moz-txt-link-freetext" href="http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=11336">http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=11336</a>), you'll
see they provide this website as an information service about OIDs.<br>
<br>
<blockquote
cite="mid:20825998BCB8D84C983674C159E25E753D54C610@mbs6.app.corp.cht.com.tw"
type="cite">
<div style="FONT-FAMILY: Times New Roman; DIRECTION: ltr; COLOR:
#000000; FONT-SIZE: 12pt">
<p>2. The Taiwan country OID arcs should belong to Taiwan
government. Speaking of OID hijack, the Taiwan OID arcs were
orginally hijacked by Raymond Lee since 1998. Raymond Lee is
actually a Hong Kong citizen and Taiwan government never
nominated him as the registration authority of Taiwan OID
arcs. Raymon Lee put some malicious description on the web
pages of Taiwan OID arcs on purpose. Several years ago, Taiwan
government had ever ask Raymond Lee to return back the Taiwan
OID arcs, but Raymond Lee ask Taiwan government to pay him a
lot of money if they want to take back the Taiwan OID arcs.
Taiwan government of course refused the extort and sent an
offical letter to ask the operator of the
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.oid-info.com/" target="_blank">
www.oid-info.com</a> site to cancel Raymond Lee right as
registration authority of Taiwan OID arcs. Unfortunately, the
operator of the
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.oid-info.com/" target="_blank">
www.oid-info.com</a> site did not take any action. Now, the
Taiwan OID arcs on the
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.oid-info.com/" target="_blank">
www.oid-info.com</a> site are hijacked again by the Taiwan
Registration and Certification Authority Inc. (your so-called
TWRA). As far as I know, Taiwan government never nominated
TWRA as the registration authority of Taiwan OID arcs. I can
not even found company registration information of Taiwan
Registration and Certification Authority Inc. in Taiwan.</p>
<p> </p>
<p>I really don't know what is going on with the <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.oid-info.com/" target="_blank">
www.oid-info.com</a> site. Why do they allow Taiwan
country OID arcs be hijacked and ignore Taiwan government's
request to take back the country OID arcs?</p>
<p>My dear Erwann, if you know which person of the <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.oid-info.com/" target="_blank">
www.oid-info.com</a> site the Taiwan government should
contact, please kindly let me know. I am sure Taiwan
government will be glad to send an offical letter to that
right person to take back the country OID arcs.</p>
</div>
</blockquote>
<br>
Official Taiwan OID arc is 2.16.158.<br>
The exact procedure to get control of the 2.16.158 arc is described
in X.660. There's no money to be exchanged with Raymond Lee.<br>
It requires the joint decision of Taiwan's ITU Member State and
Taiwan's ISO Member Body, and this decision has to be sent to ITU-T
SG17 and ISO/IEC JTC 1/SC6.<br>
<br>
ITU Member States and ISO Member Bodies are listed here:<br>
-
<a class="moz-txt-link-freetext" href="http://www.itu.int/online/mm/scripts/mm.list?_search=ITUstates&_languageid=1&_foto=y">http://www.itu.int/online/mm/scripts/mm.list?_search=ITUstates&_languageid=1&_foto=y</a><br>
- <a class="moz-txt-link-freetext" href="http://www.iso.org/iso/about/iso_members.htm">http://www.iso.org/iso/about/iso_members.htm</a><br>
Unfortunately, Taiwan appears nowhere in these lists. Your
government MUST start here.<br>
<br>
I already contacted the SG17 OID project leader and oid-info.com
maintainer (same person, Olivier Dubuisson) about this problem 2
years ago, and his answer was that the request must officially go
the ITU way.<br>
<br>
I agree this is unsatisfactory, unfortunate, unfair, un-whatever,
but IANA PEN is a perfect source to get your own OID arc, until
Taiwan government does its job.<br>
For now, 2.16.158, 2.16.886, 1.2.158 and 1.2.886 cannot be used as
OID prefixes.<br>
<br>
<blockquote
cite="mid:20825998BCB8D84C983674C159E25E753D54C610@mbs6.app.corp.cht.com.tw"
type="cite">
<div style="FONT-FAMILY: Times New Roman; DIRECTION: ltr; COLOR:
#000000; FONT-SIZE: 12pt">
<div>
<p> </p>
<div style="FONT-FAMILY: Tahoma; FONT-SIZE: 13px"><font
size="2" face="Tahoma">
<div style="FONT-FAMILY: Tahoma; FONT-SIZE: 13px"
dir="ltr"><font size="3" color="#000000" face="Times New
Roman">Wen-Cheng Wang</font></div>
<div style="FONT-FAMILY: Tahoma; FONT-SIZE: 13px"
dir="ltr"> </div>
</font></div>
</div>
<hr tabindex="-1">
<div style="DIRECTION: ltr" id="divRpF379778"><font size="2"
color="#000000" face="Tahoma"><b>寄件者:</b> Erwann Abalea
[<a class="moz-txt-link-abbreviated" href="mailto:erwann.abalea@opentrust.com">erwann.abalea@opentrust.com</a>]<br>
<b>寄件日期:</b> 2014年10月30日 下午 10:10<br>
<b>收件者:</b> 王文正; <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>主旨:</b> Re: [cabfpub] OIDs for DV and OV<br>
</font><br>
</div>
<div>
<div class="moz-cite-prefix">Bonjour Wen-Cheng,<br>
<br>
The political situation of Taiwan complicates the OID arcs
that depend on their recognition by UN (the 1.2.* and 2.16.*
arcs).<br>
<br>
ITU X.660 defines rules for OID registration:<br>
- under { iso(1) member-body(2) }, there's an integer taken
from ISO3166-1 (the numeric country code), and this arc is
assigned to the ISO national body of this country<br>
- under { joint-iso-itu-t(2) country(16) }, numeric-3 codes
of ISO3166-1 are reserved and assigned to registration
authorities choosen by the country's ITU member state and
ISO national body<br>
<br>
886 has never been the ISO 3166-1 numeric code of Taiwan
(this code was attributed to Yemen).<br>
886 is the telephone prefix code for Taiwan, that's all.<br>
<br>
By comparison, France telephone prefix code is 33, but
ISO3166-1 numeric code for France is 250. USA telephone
country code is 1 (shared with Canada, Puerto Rico, and
others), USA ISO3166-1 numeric code is 840.<br>
<br>
Nobody is free to take whatever OID arc they find pleasant.
We must all follow rules for certificate issuance, there are
also rules for the OID space.<br>
<br>
TWCA had the same problem for their EV OID, they were
hijacking an OID under the 2.16.158 arc, refusing to request
one from the official owner of this arc (TWRA). They were
asked to request a dedicated arc under IANA PEN
(1.3.6.1.4.1.40869).<br>
<br>
Political status of Taiwan is unfortunate, but if CABForum
is willing to adopt rules for OV/DV OIDs as it has done for
EV, what you're asking for is to import those political
issues into CABForum, and to adopt a bad behaviour that will
surely become a legacy problem in the future. Since you're
not issuing EV certificates at the moment, you have no
problem to switch to a IANA PEN OID.<br>
<br>
BTW, an official source of information for OID arcs is the <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.oid-info.com/" target="_blank">
www.oid-info.com</a> site.<br>
<br>
<pre class="moz-signature" cols="72">--
Erwann ABALEA
</pre>
Le 30/10/2014 12:49, 王文正 a écrit :<br>
</div>
<blockquote type="cite">
<style>@font-face {
font-family: SimSun;
}
@font-face {
font-family: PMingLiU;
}
@font-face {
font-family: Cambria Math;
}
@font-face {
font-family: Calibri;
}
@font-face {
font-family: PMingLiU;
}
@font-face {
font-family: Tahoma;
}
@font-face {
font-family: Consolas;
}
@font-face {
font-family: ;
}
@page WordSection1 {margin: 72.0pt 72.0pt 72.0pt 72.0pt; }
P.MsoNormal {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
LI.MsoNormal {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
DIV.MsoNormal {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
PRE {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Courier New"; COLOR: black; FONT-SIZE: 10pt
}
P.MsoAcetate {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
LI.MsoAcetate {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
DIV.MsoAcetate {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
SPAN.HTML {
FONT-FAMILY: "Courier New"; COLOR: black
}
SPAN.a {
FONT-FAMILY: "Cambria","serif"; COLOR: black
}
SPAN.TextodegloboCar {
FONT-FAMILY: "Tahoma","sans-serif"
}
P.Textodeglobo {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
LI.Textodeglobo {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
DIV.Textodeglobo {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
SPAN.HTMLPreformattedChar {
FONT-FAMILY: Consolas; COLOR: black
}
P.HTMLPreformatted {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
LI.HTMLPreformatted {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
DIV.HTMLPreformatted {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
SPAN.BalloonTextChar {
FONT-FAMILY: "Tahoma","sans-serif"
}
P.BalloonText {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
LI.BalloonText {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
DIV.BalloonText {
MARGIN: 0cm 0cm 0pt; FONT-FAMILY: "Times New Roman","serif"; COLOR: black; FONT-SIZE: 12pt
}
SPAN.EmailStyle28 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle29 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle30 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle31 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle32 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle33 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle34 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle35 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle36 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle37 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
SPAN.EmailStyle38 {
FONT-FAMILY: "Calibri","sans-serif"; COLOR: #1f497d
}
.MsoChpDefault {
FONT-SIZE: 10pt
}
DIV.WordSection1 {
}
</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US">Dear
Erwann,</span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US"></span> </p>
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US">Indeed
there are conflicts about which OID should Taiwan use
due to very complicated political issues.</span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US">The
truth is Taiwan government has already used 2.16.886
for many years. I do not think the CAB forum is
willing to discuss political issues here. So why do we
just leave it there unless the UN and the government
decide to change the status.</span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US"></span> </p>
<p class="MsoNormal"><span lang="EN-US"><img
id="圖片_x0020_1"
src="cid:part8.02080500.03040301@opentrust.com"
showedtooltip="0" entertime="1414686499576"
width="529" height="544"></span><span
style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR:
#1f497d" lang="EN-US"></span></p>
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US"></span> </p>
<div>
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US">Wen-Cheng
Wang</span></p>
</div>
<p class="MsoNormal"><span style="FONT-FAMILY:
'Calibri','sans-serif'; COLOR: #1f497d" lang="EN-US"></span> </p>
<div>
<div style="BORDER-BOTTOM: medium none; BORDER-LEFT:
medium none; PADDING-BOTTOM: 0cm; PADDING-LEFT: 0cm;
PADDING-RIGHT: 0cm; BORDER-TOP: #b5c4df 1pt solid;
BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<p class="MsoNormal"><b><span style="FONT-FAMILY:
'Tahoma','sans-serif'; COLOR: windowtext;
FONT-SIZE: 10pt" lang="EN-US">From:</span></b><span
style="FONT-FAMILY: 'Tahoma','sans-serif'; COLOR:
windowtext; FONT-SIZE: 10pt" lang="EN-US">
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:public-bounces@cabforum.org"
target="_blank">
public-bounces@cabforum.org</a> [<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:public-bounces@cabforum.org"
target="_blank">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Erwann Abalea<br>
<b>Sent:</b> Thursday, October 30, 2014 6:53 PM<br>
<b>To:</b> <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:public@cabforum.org"
target="_blank">
public@cabforum.org</a><br>
<b>Subject:</b> Re: [cabfpub] OIDs for DV and OV</span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"></span> </p>
<div>
<p class="MsoNormal"><span lang="EN-US">Except that the
2.16.886 arc has never been assigned to Taiwan, so
you cannot use it.<br>
<br>
<br>
</span></p>
<pre><span lang="EN-US">-- </span></pre>
<pre><span lang="EN-US">Erwann ABALEA</span></pre>
<pre><span lang="EN-US"> </span></pre>
<p class="MsoNormal"><span lang="EN-US">Le 29/10/2014
11:46, </span><span style="FONT-FAMILY: SimSun"
lang="ZH-CN">陳立群</span><span lang="EN-US"> a écrit :</span></p>
</div>
<blockquote style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt">
<p class="MsoNormal"><span style="COLOR: #040498"
lang="EN-US">Dear Dean,</span><span lang="EN-US"></span></p>
<p class="MsoNormal"><span style="COLOR: #040498"
lang="EN-US"></span><span lang="EN-US"></span> </p>
<p class="MsoNormal"><span style="COLOR: #040498"
lang="EN-US"> The OV OID used by Chunghwa
Telecom Co., Ltd. is 2.16.886.1.1.100.0.3.
</span><span lang="EN-US"></span></p>
<p class="MsoNormal"><span style="COLOR: #040498"
lang="EN-US"></span><span lang="EN-US"></span> </p>
<p style="TEXT-INDENT: 18pt" class="MsoNormal"><span
style="COLOR: #040498" lang="EN-US">We will add
CA/Browser Forum OV/DV OID to our SHA-2 intermediate
CA and SHA-2 End Entity SSL Certificate about
December. At present , Chunghwa Telecom Co., Ltd.
does not issue DV SSL certificate. </span><span
lang="EN-US"></span></p>
</blockquote>
<p class="MsoNormal"><span style="FONT-FAMILY: SimSun"
lang="EN-US"></span> </p>
</div>
<b><br>
<br>
<font size="-1">本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信
件內容,並請 銷毀此信件.
如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以
共同善盡資訊安全與個資保護責任.
<br>
Please be advised that this email message (including any
attachments) contains confidential information and may
be legally privileged. If you are not the intended
recipient, please destroy this message and all
attachments from your system and do not further collect,
process, or use them. Chunghwa Telecom and all its
subsidiaries and associated companies shall not be
liable for the improper or incomplete transmission of
the information contained in this email nor for any
delay in its receipt or damage to your system. If you
are the intended recipient, please protect the
confidential and/or personal information contained in
this email with due care. Any unauthorized use,
disclosure or distribution of this message in whole or
in part is strictly prohibited. Also, please
self-inspect attachments and hyperlinks contained in
this email to ensure the information security and to
protect personal information.</font></b>
</blockquote>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>