<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
text-align:justify;
font-size:10.5pt;
font-family:"Arial",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:42.0pt;
margin-bottom:.0001pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:0in;
mso-para-margin-left:4.0gd;
mso-para-margin-bottom:.0001pt;
text-align:justify;
font-size:10.5pt;
font-family:"Arial",sans-serif;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Arial",sans-serif;
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:99.25pt 85.05pt 85.05pt 85.05pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:2070615007;
mso-list-type:hybrid;
mso-list-template-ids:-788492672 -1188127980 67698711 67698705 67698703 67698711 67698705 67698703 67698711 67698705;}
@list l0:level1
{mso-level-number-format:alpha-lower;
mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:aiueo-full-width;
mso-level-text:"\(%2\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:42.0pt;
text-indent:-21.0pt;}
@list l0:level3
{mso-level-number-format:decimal-enclosed-circle;
mso-level-text:%3;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:63.0pt;
text-indent:-21.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:84.0pt;
text-indent:-21.0pt;}
@list l0:level5
{mso-level-number-format:aiueo-full-width;
mso-level-text:"\(%5\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:105.0pt;
text-indent:-21.0pt;}
@list l0:level6
{mso-level-number-format:decimal-enclosed-circle;
mso-level-text:%6;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-21.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:147.0pt;
text-indent:-21.0pt;}
@list l0:level8
{mso-level-number-format:aiueo-full-width;
mso-level-text:"\(%8\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:168.0pt;
text-indent:-21.0pt;}
@list l0:level9
{mso-level-number-format:decimal-enclosed-circle;
mso-level-text:%9;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:189.0pt;
text-indent:-21.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:windowtext'>This section needs several revisions, which we’ve discussed on the code signing mailing list. It’s probably about time to ballot some of these. Here’s a proposed change we previously discussed in the working group:<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri",sans-serif;color:windowtext'><o:p> </o:p></span></p><p class=MsoPlainText>The Certificate MUST include a SubjectAltName:permanentIdentifier (identifier). This field MUST contain a Unicode string created from the contents of the Certificate's subject fields using the first of the following to apply: <o:p></o:p></p><p class=MsoPlainText>a) If the Certificate contains the subjectjurisdictionOfIncorporationLocalityName field then<o:p></o:p></p><p class=MsoPlainText>i) if the Certificate contains a Registration Number then the identifier is created and formatted as "CC-LOC-REG"<o:p></o:p></p><p class=MsoPlainText>ii) if the Certificate contains a Registration Date then identifier is created and formatted as "CC-LOC-DATE-ORG"<o:p></o:p></p><p class=MsoPlainText>iii) otherwise the identifier is created and formatted as "CC-LOC-ORG"<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>b) If the Certificate contains the subjectjurisdictionOfIncorporationStateorProvinceName field then<o:p></o:p></p><p class=MsoPlainText>i) if the Certificate contains a Registration Number then identifier is created and formatted as "CC-STATE-REG"<o:p></o:p></p><p class=MsoPlainText>ii) if the Certificate contains a Registration Date then identifier is created and formatted as "CC-STATE-DATE-ORG"<o:p></o:p></p><p class=MsoPlainText>iii) otherwise the identifier is created and formatted as "CC-STATE-ORG"<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>Where:<o:p></o:p></p><p class=MsoPlainText>a) CC is the ISO 3166-2 country code corresponding Subject’s Jurisdiction of Incorporation or Registration (CC), as specified in the subject:jurisdictionOfIncorporationCountryName field;<o:p></o:p></p><p class=MsoPlainText>b) LOC is Subject’s Jurisdiction of Incorporation in uppercase characters as specified in the subjectjurisdictionOfIncorporationLocalityName, expressed in an unabbreviated format;<o:p></o:p></p><p class=MsoPlainText>c) STATE is the Subject's Jurisdiction of Incorporation in uppercase characters as specified in the subject:jurisdictionofIncorporationStateorProvinceName field, expressed in an unabbreviated format;<o:p></o:p></p><p class=MsoPlainText>d) REG is the Subject's Registration Number as included in the Subject:serialNumber field;<o:p></o:p></p><p class=MsoPlainText>e) DATE is the Subject's date of Incorporation or Registration in YYYY-MM-DD format (DATE) as included in the Subject:serialNumber field; and<o:p></o:p></p><p class=MsoPlainText>f) ORG is the Subject’s Organization Name as included in the organizationName field (ORG), <o:p></o:p></p><p class=MsoPlainText>g) All included “-“ characters are Unicode 002D and any included spaces in REG, STATE, or ORG are Unicode 0020. <o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoPlainText>The “assigner name form” MUST be absent from the SAN field used for the permanentIdentifier. However, it is expected that Application Software will treat the permanentIdentifier as globally unique.<o:p></o:p></p><p class=MsoPlainText><o:p> </o:p></p><p class=MsoNormal>Jeremy<o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><a name="_MailEndCompose"><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'><o:p> </o:p></span></a></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal align=left style='text-align:left'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org] <b>On Behalf Of </b>Rich Smith<br><b>Sent:</b> Friday, May 6, 2016 1:49 PM<br><b>To:</b> public@cabforum.org<br><b>Subject:</b> Re: [cabfpub] FW: ambiguity implementing permanentIdentifier<o:p></o:p></span></p></div></div><p class=MsoNormal align=left style='text-align:left'><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>This portion is pretty much identical to the EV Guidelines and I've always interpreted it to mean that for a business registered at the locality level, regardless of whether or not regulated by the state/province, the correct encoding is:<br>JC = xx, JST = yy, JL = zz<span style='font-size:12.0pt'><o:p></o:p></span></p><div><p class=MsoNormal>On 5/6/2016 2:41 PM, Dean Coclin wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Forwarding to the public list for greater reach and commentary…</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal align=left style='text-align:left'><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> <a href="mailto:codesigning-bounces@cabforum.org">codesigning-bounces@cabforum.org</a> [<a href="mailto:codesigning-bounces@cabforum.org">mailto:codesigning-bounces@cabforum.org</a>] <b>On Behalf Of </b>Koichi Sugimoto<br><b>Sent:</b> Friday, May 06, 2016 5:59 AM<br><b>To:</b> <a href="mailto:codesigning@cabforum.org">codesigning@cabforum.org</a><br><b>Subject:</b> [cabfc_s] ambiguity implementing permanentIdentifier</span><o:p></o:p></p></div></div><p class=MsoNormal align=left style='text-align:left'> <o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>Hello,</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>While I analyzing SubjectAltName:permanentIdentifier specified in section 9.7 of EV-Code-Signing-v.1.3.pdf,<br>I found an ambiguity of generating “STATE”.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>9.7 (B) 2) says:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>If applicable, the state, province, or locality of the Subject’s Jurisdiction of Incorporation in</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>uppercase characters as specified in the subjectjurisdictionOfIncorporationLocalityName or</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>subject:jurisdictionofIncorporationStateorProvinceName field, expressed in an unabbreviated</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>format (STATE);</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>Let JST be subjectjurisdictionOfIncorporationLocalityName and JL be subject:jurisdictionofIncorporationStateorProvinceName.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>In such case, following all patterns are acceptable?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoListParagraph style='margin-left:.25in;mso-para-margin-left:0gd;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>a)<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span style='font-size:10.0pt;mso-fareast-language:JA'>STATE=ST</span><o:p></o:p></p><p class=MsoListParagraph style='margin-left:.25in;mso-para-margin-left:0gd;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>b)<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span style='font-size:10.0pt;mso-fareast-language:JA'>STATE=JL-ST</span><o:p></o:p></p><p class=MsoListParagraph style='margin-left:.25in;mso-para-margin-left:0gd;text-indent:-.25in;mso-list:l0 level1 lfo2'><![if !supportLists]><span style='mso-list:Ignore'>c)<span style='font:7.0pt "Times New Roman"'> </span></span><![endif]><span style='font-size:10.0pt;background:yellow;mso-highlight:yellow;mso-fareast-language:JA'>STATE=JL</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>I also have a problem of implementing JST and JL.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>Section 9.2.5 of EV-V1_5_9.pdf specifies how to implement JST, JL and JC (JC means subject:jurisdictionCountryName).</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>The specification says:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>For example, the Jurisdiction of Incorporation for an Incorporating Agency or</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>Jurisdiction of Registration for a Registration Agency that operates at the country level MUST include the country</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>information but MUST NOT include the state or province or locality information. Similarly, the jurisdiction for</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>the applicable Incorporating Agency or Registration Agency at the state or province level MUST include both</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>country and state or province information, but MUST NOT include locality information. And, the jurisdiction for</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>the applicable Incorporating Agency or Registration Agency at the locality level MUST include the country and</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>state or province information, where the state or province regulates the registration of the entities at the locality</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>level, as well as the locality information.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>I understand this definition as:</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>If COUNTRY LEVEL</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>JC = xx</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>ELSE IF ST/P LEVEL</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>JC = xx, JST = yy</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>ELSE (=IF LOCALITY LEVEL) {</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>IF "state or province regulates the registration of the entities at the locality level"</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>JC = xx, JST = yy, JL = zz</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;background:yellow;mso-highlight:yellow;mso-fareast-language:JA'>ELSE (=IF "state or province does not regulate the registration of the entities at the locality level")</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;background:yellow;mso-highlight:yellow;mso-fareast-language:JA'>JC = xx, JL = zz</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>}</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>I am very interested in the yellow colored parts.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>If both are acceptable, it’s OK.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>But, if “c) STATE=JL” is not acceptable, then, how should we cope with the case of “JC=xx, JL=zz”?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'>And also if “JC=xx, JL=zz” is not acceptable, how should we cope with the case of “c) STATE=JL”?</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal style='line-height:13.0pt;mso-line-height-rule:exactly'><span style='font-size:10.0pt;mso-fareast-language:JA'>Regards,</span><o:p></o:p></p><p class=MsoNormal style='line-height:13.0pt;mso-line-height-rule:exactly'><span style='font-size:10.0pt;mso-fareast-language:JA'>Koichi Sugimoto.</span><o:p></o:p></p><p class=MsoNormal><span style='mso-fareast-language:JA'> </span><o:p></o:p></p><p class=MsoNormal align=left style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:left'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><br><br><br><o:p></o:p></span></p><pre>_______________________________________________<o:p></o:p></pre><pre>Public mailing list<o:p></o:p></pre><pre><a href="mailto:Public@cabforum.org">Public@cabforum.org</a><o:p></o:p></pre><pre><a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></pre></blockquote><p class=MsoNormal align=left style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;text-align:left'><span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p> </o:p></span></p></div></body></html>