<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="Calibri">Pardon me for commenting on this topic when
the ballot was already initiated.<br>
</font></p>
<p><font face="Calibri">However, I was not implying that the BRs
currently require extra attributes</font><font face="Calibri">
in the Subject DN, nor am I proposing to modify the BRs at this
stage.<br>
</font></p>
<p><font face="Calibri">I was just arguing that givenName+surname is
too vague as an identity, IMO, even if referred to a specific
country and locality. <br>
</font></p>
<p><font face="Calibri">That is, it does not seem to me an effective
"equivalent" of the organizationName that is requested for OV
certs.<br>
</font></p>
<p><font face="Calibri">I know that the BRs have been that way for
long, so I am aware that my is a bit untimely.<br>
</font></p>
<br>
<div class="moz-cite-prefix">Il 24/08/2016 13:07, Erwann Abalea ha
scritto:<br>
</div>
<blockquote
cite="mid:AE409C33-1AD4-4E79-864A-EC66D3E88411@docusign.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div class="">Bonjour,</div>
<div class=""><br class="">
</div>
<div class="">givenName and surName are sufficient to specify an
identity. More than one person may share this identity, but to
me, BR don’t tend to distinguish them. There’s nothing in BR
requiring CAs to generate certificates with canonical and
non-ambiguous names. The non-ambiguity goal is achieved by
following EVG only.</div>
<div class=""><br class="">
</div>
<div class="">Given your example IV certificate, you’ll have
givenName=John, surName=Doe, and also a country and either a
localityName or a stateOrProvinceName. So you’ll know that this
website belongs to someone named John Doe living in a specific
city or state in this country, but nothing more.</div>
<div class=""><br class="">
</div>
<div class="">If you want to follow ETSI 319412-1 rules and insert
a serialNumber attribute to avoid name collisions, feel free,
it’s not forbidden.</div>
<br class="">
<div class="">
<div class="">Cordialement,</div>
<div class="">Erwann Abalea</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">Le 24 août 2016 à 12:08, Adriano Santoni <<a
moz-do-not-send="true"
href="mailto:adriano.santoni@staff.aruba.it" class="">adriano.santoni@staff.aruba.it</a>>
a écrit :</div>
<br class="Apple-interchange-newline">
<div class="">
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<font class="" face="Calibri">But givenName and surname
are not sufficient to specify an identity. How many
Robert Smiths exist in UK/US/CA ? (or Mario Rossi in
Italy, as to that).<br class="">
</font></p>
<p style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<font class="" face="Calibri">If I would like to know
who's behind a web site whose SSL cert contains
giveName=John, surname=Doe, I am none the wiser.<br
class="">
</font></p>
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<div class="moz-cite-prefix" style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent:
0px; text-transform: none; white-space: normal; widows:
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">
Il 23/08/2016 20:02, Bruce Morton ha scritto:<br class="">
</div>
<blockquote
cite="mid:04dc1a6b6f5645d598069c4761f4d42a@PMSPEX04.corporate.datacard.com"
type="cite" style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent:
0px; text-transform: none; white-space: normal; widows:
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<div class="WordSection1" style="page: WordSection1;">
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">OK,
thanks.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Bruce.<o:p
class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley [<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;">mailto:jeremy.rowley@digicert.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Monday,
August 22, 2016 6:16 PM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Bruce
Morton<span class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;"><Bruce.Morton@entrust.com></a>;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:public@cabforum.org" style="color:
rgb(149, 79, 114); text-decoration: underline;">public@cabforum.org</a><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span class="">What do you mean by definition? I
consider IV v. OV well defined because of the
meaning associated with the OID inserted into the
cert. Section 7.1.6.1 states “<span
class="Apple-converted-space"> </span></span>{joint‐iso‐itu‐t(2)
international‐organizations(23) ca‐browser‐forum(140)
certificate‐policies(1) baseline‐requirements(2)
individual‐validated(3)} (2.23.140.1.2.3), if the
Certificate complies with these Requirements and
includes Subject Identity Information that is verified
in accordance with Section 3.2.3.” Section 3.2.3 is
verification of an individual whereas Section 3.2.2 is
verification of an organization. <o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Jeremy<span class=""><o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<a moz-do-not-send="true" name="_MailEndCompose"
class=""> </a></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Bruce
Morton [<a moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">mailto:Bruce.Morton@entrust.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Monday,
August 22, 2016 6:11 AM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley <<a moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">jeremy.rowley@digicert.com</a>>;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org" style="color:
rgb(149, 79, 114); text-decoration: underline;"
class="">public@cabforum.org</a><br class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Hi
Jeremy,<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">My
apologies, but can you clarify the section where IV
certs are well defined? I see that
“individual-validated” is stated twice in sections
1.2 and 7.1.6.1 (the same for domain-validated and
organization-validated), but I can’t find the
definition.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Thanks,
Bruce.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley [<a moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">mailto:jeremy.rowley@digicert.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Saturday,
August 20, 2016 10:41 AM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Bruce
Morton <<a moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">Bruce.Morton@entrust.com</a>>;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org" style="color:
rgb(149, 79, 114); text-decoration: underline;"
class="">public@cabforum.org</a><br class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span class="">Hey Bruce – IV certs are well defined.
The goal of the ballot isn’t to further define IV
certs but to permit use of the givenName and surname
fields for IV certs. giveName and surname in the org
field would be allowed. They’d still use the IV OIDs
as they were validated under the IV section of the
CP.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Bruce
Morton [<a moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">mailto:Bruce.Morton@entrust.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Friday,
August 19, 2016 6:41 AM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley <<a moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">jeremy.rowley@digicert.com</a>>;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org" style="color:
rgb(149, 79, 114); text-decoration: underline;"
class="">public@cabforum.org</a><br class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Hi
Jeremy,<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Would
like some clarification. On the call yesterday, it
was said that IV certificates were not defined, so
this ballot will help resolve this.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Per
7.1.4.2.2 b, the current BRs allow givenName and
surname to be included in the organizationName
field. Will this still be allowed? If so, what would
the certificate type be? OV or IV? I would prefer
that these be OV certificates.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">If we
do make the changes and the CAs have to meet
Microsoft’s requirement to put a DV, OV, or IV
certificate policy in the certificate, I think we
should clearly define each certificate type.<o:p
class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Also,
the stateOrProvinceName field appears to currently
have an issue as it does not have any language to
address the case where there is no state or province
in the address.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class="">Thanks,
Bruce.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span style="color: rgb(31, 73, 125);" class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in 0in 0.0001pt; font-size:
11pt; font-family: Calibri, sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">public-bounces@cabforum.org</a><span
class="Apple-converted-space"> </span>[<a
moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;" class="">mailto:public-bounces@cabforum.org</a>]<span
class="Apple-converted-space"> </span><b
class="">On Behalf Of<span
class="Apple-converted-space"> </span></b>Jeremy
Rowley<br class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Thursday,
August 18, 2016 12:09 PM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org" style="color:
rgb(149, 79, 114); text-decoration: underline;"
class="">public@cabforum.org</a><br class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>[cabfpub]
givenName and surname revived<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Looking for two endorsers for the following revisions
the baseline requirements adding support for givenName
and surname:<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Insert a new (C) under 7.1.4.2.2, renumbering all
subsequent bullets.<span class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">c.<span class="Apple-converted-space"> </span><b
class="">Certificate Field</b>: subject:givenName
(2.5.4.42) and subject:surname (2.5.4.4)<o:p
class=""></o:p></u></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<b class=""><u class="">Optional.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></u></b></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<b class=""><u class="">Contents: </u></b><u class="">If
present, the subject:givenName field and
subject:surname field MUST contain an natural person
Subject’s name as verified under Section 3.2.3. A
Certificate containing a subject:givenName field or
subject:surname field MUST contain the
(2.23.140.1.2.3) Certificate Policy OID</u>.<u
class=""><o:p class=""></o:p></u></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">d.</u><span class="Apple-converted-space"> </span>Certificate
Field: Number and street: subject:streetAddress (OID:
2.5.4.9)<span class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Optional if the subject:organizationName field<u
class="">, subject: givenName field, or
subject:surname field are</u><span
class="Apple-converted-space"> </span><s class="">is</s>present.
Prohibited if the subject:organizationName field<u
class="">, subject:givenName, and subject:surname
field are</u><s class=""><span
class="Apple-converted-space"> </span>is</s><span
class="Apple-converted-space"> </span>absent.<o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span class="Apple-converted-space"> </span>Contents:
If present, the subject:streetAddress field MUST
contain the Subject’s street address information as
verified under Section 3.2.2.1.<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">e</u>. Certificate Field:
subject:localityName (OID: 2.5.4.7)<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Required if the subject:organizationName field,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
field, or subject:surname field are</u><span
class="Apple-converted-space"> </span><s class="">is</s>present
and the subject:stateOrProvinceName field is absent.
Optional if the<u class="">subject:stateOrProvinceName
field and the subject:organizationName field,
subject:givenName field, or subject:surname </u>field
are present. Prohibited if the
subject:organizationName field,<span
class="Apple-converted-space"> </span><u class="">subject:givenName,
and subject:surname field are<span
class="Apple-converted-space"> </span></u><s
class="">is</s><span class="Apple-converted-space"> </span>absent.<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Contents: If present, the subject:localityName field
MUST contain the Subject’s locality information as
verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1
user‐assigned code of XX in accordance with Section
7.1.4.2.2(g), the localityName field MAY contain the
Subject’s locality and/or state or province
information as verified under Section 3.2.2.1.<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">f</u>. Certificate Field:
subject:stateOrProvinceName (OID: 2.5.4.8)<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Required if the subject:organizationName field field,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
field, or subject:surname field are</u><s class="">is<span
class="Apple-converted-space"> </span></s>present
and<span class="Apple-converted-space"> </span><u
class="">the<span class="Apple-converted-space"> </span></u>subject:localityName
field is absent. Optional if the<span
class="Apple-converted-space"> </span><u class="">subject:localityName
field and the subject:organizationName field, the
subject:givenName field, or subject:surname field</u><span
class="Apple-converted-space"> </span>are present.
Prohibited if the subject:organizationName field,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
field , or subject:surname field<span
class="Apple-converted-space"> </span></u>are<s
class=""><span class="Apple-converted-space"> </span>is</s>absent.
Contents: If present, the subject:stateOrProvinceName
field MUST contain the Subject’s state or province
information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1
user‐assigned code of XX in accordance with Section
7.1.4.2.2(g), the subject:stateOrProvinceName field
MAY contain the full name of the Subject’s country
information as verified under Section 3.2.2.1.<o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">g</u>. Certificate Field:
subject:postalCode (OID: 2.5.4.17)<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Optional if the subject:organizationName,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
field, or subject:surname</u><span
class="Apple-converted-space"> </span>fields<span
class="Apple-converted-space"> </span><u class="">are</u><span
class="Apple-converted-space"> </span><s class="">is</s>present.
Prohibited if the subject:organizationName field,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
field, or subject:surname field are<span
class="Apple-converted-space"> </span></u><s
class="">is</s><span class="Apple-converted-space"> </span>absent.<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Contents: If present, the subject:postalCode field
MUST contain the Subject’s zip or postal information
as verified under Section 3.2.2.1.<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">h</u>. Certificate Field:
subject:countryName (OID: 2.5.4.6)<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Required if the subject:organizationName field,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
, or subject:surname field</u><span
class="Apple-converted-space"> </span>is present.
Optional if the subject:organizationName field,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
field</u>, and <u class="">subject:surname field
are</u><span class="Apple-converted-space"> </span><s
class="">is</s>absent.<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Contents: If the subject:organizationName field is
present, the subject:countryName MUST contain the
two‐letter ISO 3166‐1 country code associated with the
location of the Subject verified under Section
3.2.2.1. If the subject:organizationName,<span
class="Apple-converted-space"> </span><u class="">subject:givenName
field, and subject:surname</u><span
class="Apple-converted-space"> </span> field<span
class="Apple-converted-space"> </span><u class="">are</u><span
class="Apple-converted-space"> </span><s class=""> is<span
class="Apple-converted-space"> </span></s>absent,
the subject:countryName field MAY contain the
two‐letter ISO 3166‐1 country code associated with the
Subject as verified in accordance with Section
3.2.2.3. If a Country is not represented by an
official ISO 3166‐1 country code, the CA MAY specify
the ISO 3166‐1 user‐assigned code of XX indicating
that an official ISO 3166‐1 alpha‐2 code has not been
assigned.<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">i</u>. Certificate Field:
subject:organizationalUnitName<span
class="Apple-converted-space"> </span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
Optional.<span class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<u class="">Contents:<span
class="Apple-converted-space"> </span></u>The CA
SHALL implement a process that prevents an OU
attribute from including a name, DBA, tradename,
trademark, address, location, or other text that
refers to a specific natural person or Legal Entity
unless the CA has verified this information in
accordance with Section 3.2 and the Certificate also
contains subject:organizationName,<span
class="Apple-converted-space"> </span><u class="">subject:givenName,
subject:surname,<span class="Apple-converted-space"> </span></u>subject:localityName,
and subject:countryName attributes, also verified in
accordance with Section 3.2.2.1.<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
7.1.6.1<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
…<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
If the Certificate asserts the policy identifier of
2.23.140.1.2.1, then it MUST NOT include
organizationName,<span class="Apple-converted-space"> </span><u
class="">givenName, surname,</u><span
class="Apple-converted-space"> </span>streetAddress,
localityName, stateOrProvinceName, or postalCode in
the Subject field.<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
…<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">
<span class=""> </span></div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre class="" wrap="">_______________________________________________
Public mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org" style="color: rgb(149, 79, 114); text-decoration: underline;">Public@cabforum.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public" style="color: rgb(149, 79, 114); text-decoration: underline;">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<div class="moz-signature" style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent:
0px; text-transform: none; white-space: normal; widows:
auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">
--<span class="Apple-converted-space"> </span><br class="">
<p style="font-family: serif;" class="">Cordiali saluti,<br
class="">
<br class="">
Adriano Santoni<br class="">
ACTALIS S.p.A.<br class="">
(Aruba Group)</p>
</div>
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); float: none;
display: inline !important;" class="">_______________________________________________</span><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); float: none;
display: inline !important;" class="">Public mailing list</span><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<a moz-do-not-send="true" href="mailto:Public@cabforum.org"
style="color: rgb(149, 79, 114); text-decoration:
underline; font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">Public@cabforum.org</a><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
<a moz-do-not-send="true"
href="https://cabforum.org/mailman/listinfo/public"
style="color: rgb(149, 79, 114); text-decoration:
underline; font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">https://cabforum.org/mailman/listinfo/public</a><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);" class="">
</div>
</blockquote>
</div>
<br class="">
</blockquote>
<br>
<div class="moz-signature">-- <br>
<p style="font-family: Serif">
Cordiali saluti,<br>
<br>
Adriano Santoni<br>
ACTALIS S.p.A.<br>
(Aruba Group)</p>
</div>
</body>
</html>