<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><font face="Calibri">You are right: the ambiguity is also present
in the OV case, and I think it would be better to reduce it,
somehow, for both OV and IV certs, while keeping the difference
from EV certs.<br>
</font></p>
<p><font face="Calibri">There can exist two or more John Smiths in
the same city, or maybe even a dozen, each one owning a different
domain, and it would be bad (to me) if they were to be issued IV
certs that look identical in their Subject DNs. I suppose this
is already happening. And the same holds for OV certs, I am
perfectly aware. We are a small CA and have not been facing this
kind of situation so far... but if it were to occur to us, we
would not issue certs with identical Subject DNs, </font><font
face="Calibri"><font face="Calibri">even if allowed by the BRs.
</font>That would be "wrong", IMO. We would forcedly introduce
some disambiguating attribute in the 2nd Subject DN (in
compliance with the BRs), to differentiate them. This should be
recommended or even mandated by the BRs.<br>
</font></p>
<p>I would like a requirement of this kind in the BRs: "the CA shall
not issue certificates with identical subject DNs to different
subscribers"... or something like that. Maybe this is already
implied in the BRs, but I am not finding the paragraph
corroborating it.</p>
<p>Adriano<br>
</p>
<br>
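<p>Added example, not part of the original message or of any CA's code: a minimal pre-issuance check for the rule proposed above ("the CA shall not issue certificates with identical subject DNs to different subscribers"). The registry class, the subscriber ids, the simplified name normalization and the serialNumber value are assumptions made for illustration.</p>

```python
import unicodedata


class SubjectCollision(Exception):
    """Raised when a Subject DN is already bound to a different subscriber."""


def normalize_value(value: str) -> str:
    # Simplified matching (an assumption of this example): Unicode NFKC,
    # case-folded, outer whitespace dropped, inner whitespace runs collapsed.
    folded = unicodedata.normalize("NFKC", value).casefold()
    return " ".join(folded.split())


def dn_key(subject: list) -> tuple:
    # Order-independent key, so reordering attributes does not hide a collision.
    # `subject` is a list of (attributeType, value) pairs.
    return tuple(sorted((attr.casefold(), normalize_value(val)) for attr, val in subject))


class IssuanceRegistry:
    """Maps each normalized Subject DN to the one subscriber allowed to hold it."""

    def __init__(self):
        self._owner_by_dn = {}

    def check(self, subscriber_id: str, subject: list) -> None:
        owner = self._owner_by_dn.get(dn_key(subject))
        # Re-issuance to the same subscriber is fine; a different one is refused.
        if owner is not None and owner != subscriber_id:
            raise SubjectCollision(
                f"Subject DN already issued to {owner}; add a disambiguating attribute"
            )

    def issue(self, subscriber_id: str, subject: list) -> None:
        self.check(subscriber_id, subject)
        self._owner_by_dn[dn_key(subject)] = subscriber_id


def try_issue(registry: IssuanceRegistry, subscriber_id: str, subject: list) -> bool:
    """Return True if the request was accepted, False if it collided."""
    try:
        registry.issue(subscriber_id, subject)
        return True
    except SubjectCollision:
        return False


# Constructed sample requests: two different people named John Smith in London.
JOHN_A = [("countryName", "GB"), ("localityName", "London"),
          ("givenName", "John"), ("surname", "Smith")]
# Same identity claimed by another subscriber, with different case, spacing, order.
JOHN_B_SAME = [("surname", "SMITH"), ("givenName", " john "),
               ("localityName", "London"), ("countryName", "gb")]
# Same claim plus a serialNumber attribute (constructed value) to tell them apart.
JOHN_B_FIXED = JOHN_A + [("serialNumber", "IV-0002")]


def demo() -> list:
    reg = IssuanceRegistry()
    return [
        try_issue(reg, "subscriber-001", JOHN_A),        # first issuance
        try_issue(reg, "subscriber-001", JOHN_A),        # renewal, same subscriber
        try_issue(reg, "subscriber-002", JOHN_B_SAME),   # identical DN, other person
        try_issue(reg, "subscriber-002", JOHN_B_FIXED),  # disambiguated DN
    ]


if __name__ == "__main__":
    print(demo())
```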
<div class="moz-cite-prefix">On 24/08/2016 15:47, Erwann Abalea
wrote:<br>
</div>
<blockquote
cite="mid:ED83A400-B754-48C3-9274-94D81EF8105B@docusign.com"
type="cite">
We’re in the review period, feel free to comment :)
<div class=""><br class="">
</div>
<div class="">In my point of view, there’s a confusion here
between an identity (givenName+surName) and an individual (a
physical person).</div>
<div class="">An identity can be claimed by several individuals,
therefore it’s ambiguous. Likewise, an individual can have
several identities, and these identities can change over the
individual’s life.</div>
<div class=""><br class="">
</div>
<div class="">BR only requires CAs to assert that an Applicant is
right when claiming an identity and address. In the final
certificate, you’ll only find the claimed identity and address,
not the exact Applicant.</div>
<div class=""><br class="">
</div>
<div class="">Looking at OV certificates, this ambiguity is
already there. O can contain a company name or a brand name; a
company name can be used by several distinct companies (even at
the same place); a brand name registered under one jurisdiction
belongs to a single company, but the same brand name can be
registered in different jurisdictions and can also be used by
different companies (with agreements). Identity and address
verification can be performed using different documents, adding
another layer of flexibility/complexity.</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">
<div class="">Regards,</div>
<div class="">Erwann Abalea</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On 24 August 2016 at 14:10, Adriano Santoni &lt;<a
moz-do-not-send="true"
href="mailto:adriano.santoni@staff.aruba.it" class="">adriano.santoni@staff.aruba.it</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
<p class=""><font class="" face="Calibri">Pardon me for
commenting on this topic when the ballot was already
initiated.<br class="">
</font></p>
<p class=""><font class="" face="Calibri">However, I was
not implying that the BRs currently require extra
attributes</font><font class="" face="Calibri"> in
the Subject DN, nor am I proposing to modify the BRs
at this stage.<br class="">
</font></p>
<p class=""><font class="" face="Calibri">I was just
arguing that givenName+surname is too vague as an
identity, IMO, even if referred to a specific
country and locality.
<br class="">
</font></p>
<p class=""><font class="" face="Calibri">That is, it
does not seem to me an effective "equivalent" of the
organizationName that is requested for OV certs.<br
class="">
</font></p>
<p class=""><font class="" face="Calibri">I know that
the BRs have been that way for long, so I am aware
that my is a bit untimely.<br class="">
</font></p>
<br class="">
<div class="moz-cite-prefix">On 24/08/2016 13:07, Erwann
Abalea wrote:<br class="">
</div>
<blockquote
cite="mid:AE409C33-1AD4-4E79-864A-EC66D3E88411@docusign.com"
type="cite" class="">
<div class="">Hello,</div>
<div class=""><br class="">
</div>
<div class="">givenName and surName are sufficient to
specify an identity. More than one person may share
this identity, but to me, BR don’t tend to
distinguish them. There’s nothing in BR requiring
CAs to generate certificates with canonical and
non-ambiguous names. The non-ambiguity goal is
achieved by following EVG only.</div>
<div class=""><br class="">
</div>
<div class="">Given your example IV certificate,
you’ll have givenName=John, surName=Doe, and also a
country and either a localityName or a
stateOrProvinceName. So you’ll know that this
website belongs to someone named John Doe living in
a specific city or state in this country, but
nothing more.</div>
<div class=""><br class="">
</div>
<div class="">If you want to follow ETSI 319412-1
rules and insert a serialNumber attribute to avoid
name collisions, feel free, it’s not forbidden.</div>
<br class="">
<div class="">
<div class="">Regards,</div>
<div class="">Erwann Abalea</div>
</div>
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On 24 August 2016 at 12:08, Adriano
Santoni &lt;<a moz-do-not-send="true"
href="mailto:adriano.santoni@staff.aruba.it"
class="">adriano.santoni@staff.aruba.it</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<p style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);"
class="">
<font class="" face="Calibri">But givenName
and surname are not sufficient to specify an
identity. How many Robert Smiths exist in
UK/US/CA ? (or Mario Rossi in Italy, as to
that).<br class="">
</font></p>
<p style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);"
class="">
<font class="" face="Calibri">If I would like
to know who's behind a web site whose SSL
cert contains givenName=John, surname=Doe, I
am none the wiser.<br class="">
</font></p>
<br style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto;
text-align: start; text-indent: 0px;
text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);"
class="">
<div class="moz-cite-prefix" style="font-family:
Helvetica; font-size: 12px; font-style:
normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none;
white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width:
0px; background-color: rgb(255, 255, 255);">
On 23/08/2016 20:02, Bruce Morton wrote:<br
class="">
</div>
<blockquote
cite="mid:04dc1a6b6f5645d598069c4761f4d42a@PMSPEX04.corporate.datacard.com"
type="cite" style="font-family: Helvetica;
font-size: 12px; font-style: normal;
font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent:
0px; text-transform: none; white-space:
normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);"
class="">
<div class="WordSection1" style="page:
WordSection1;">
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">OK, thanks.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Bruce.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in
0in;" class="">
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley [<a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;">mailto:jeremy.rowley@digicert.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Monday,
August 22, 2016 6:16 PM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Bruce
Morton<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-rfc2396E"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;">&lt;Bruce.Morton@entrust.com&gt;</a>;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:public@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;">public@cabforum.org</a><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p
class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span class="">What do you mean by
definition? I consider IV v. OV well
defined because of the meaning
associated with the OID inserted into
the cert. Section 7.1.6.1 states “<span
class="Apple-converted-space"> </span></span>{joint‐iso‐itu‐t(2)
international‐organizations(23)
ca‐browser‐forum(140)
certificate‐policies(1)
baseline‐requirements(2)
individual‐validated(3)} (2.23.140.1.2.3),
if the Certificate complies with these
Requirements and includes Subject Identity
Information that is verified in accordance
with Section 3.2.3.” Section 3.2.3 is
verification of an individual whereas
Section 3.2.2 is verification of an
organization. <o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Jeremy<span class=""><o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<a moz-do-not-send="true"
name="_MailEndCompose" class=""> </a></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in
0in;" class="">
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Bruce
Morton [<a moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">mailto:Bruce.Morton@entrust.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Monday,
August 22, 2016 6:11 AM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley &lt;<a moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">jeremy.rowley@digicert.com</a>&gt;;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">public@cabforum.org</a><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p
class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Hi Jeremy,<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">My apologies, but can you
clarify the section where IV certs are
well defined? I see that
“individual-validated” is stated twice
in sections 1.2 and 7.1.6.1 (the same
for domain-validated and
organization-validated), but I can’t
find the definition.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Thanks, Bruce.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in
0in;" class="">
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley [<a moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">mailto:jeremy.rowley@digicert.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Saturday,
August 20, 2016 10:41 AM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Bruce
Morton &lt;<a moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">Bruce.Morton@entrust.com</a>&gt;;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">public@cabforum.org</a><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p
class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span class="">Hey Bruce – IV certs are
well defined. The goal of the ballot
isn’t to further define IV certs but to
permit use of the givenName and surname
fields for IV certs. givenName and
surname in the org field would be
allowed. They’d still use the IV OIDs as
they were validated under the IV section
of the CP.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in
0in;" class="">
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span>Bruce
Morton [<a moz-do-not-send="true"
href="mailto:Bruce.Morton@entrust.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">mailto:Bruce.Morton@entrust.com</a>]<span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Friday,
August 19, 2016 6:41 AM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Jeremy
Rowley &lt;<a moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">jeremy.rowley@digicert.com</a>&gt;;<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">public@cabforum.org</a><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>RE:
givenName and surname revived<o:p
class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Hi Jeremy,<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Would like some clarification.
On the call yesterday, it was said that
IV certificates were not defined, so
this ballot will help resolve this.<o:p
class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Per 7.1.4.2.2 b, the current
BRs allow givenName and surname to be
included in the organizationName field.
Will this still be allowed? If so, what
would the certificate type be? OV or IV?
I would prefer that these be OV
certificates.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">If we do make the changes and
the CAs have to meet Microsoft’s
requirement to put a DV, OV, or IV
certificate policy in the certificate, I
think we should clearly define each
certificate type.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Also, the stateOrProvinceName
field appears to currently have an issue
as it does not have any language to
address the case where there is no state
or province in the address.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class="">Thanks, Bruce.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span style="color: rgb(31, 73, 125);"
class=""> </span></div>
<div class="">
<div style="border-style: solid none none;
border-top-color: rgb(225, 225, 225);
border-top-width: 1pt; padding: 3pt 0in
0in;" class="">
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<b class="">From:</b><span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">public-bounces@cabforum.org</a><span
class="Apple-converted-space"> </span>[<a
moz-do-not-send="true"
href="mailto:public-bounces@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">mailto:public-bounces@cabforum.org</a>]<span
class="Apple-converted-space"> </span><b
class="">On Behalf Of<span
class="Apple-converted-space"> </span></b>Jeremy
Rowley<br class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Thursday,
August 18, 2016 12:09 PM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="mailto:public@cabforum.org"
style="color: rgb(149, 79, 114);
text-decoration: underline;"
class="">public@cabforum.org</a><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>[cabfpub]
givenName and surname revived<o:p
class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Looking for two endorsers for the
following revisions to the baseline
requirements adding support for givenName
and surname:<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Insert a new (C) under 7.1.4.2.2,
renumbering all subsequent bullets.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">c.<span
class="Apple-converted-space"> </span><b
class="">Certificate Field</b>:
subject:givenName (2.5.4.42) and
subject:surname (2.5.4.4)<o:p class=""></o:p></u></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<b class=""><u class="">Optional.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></u></b></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<b class=""><u class="">Contents: </u></b><u
class="">If present, the
subject:givenName field and
subject:surname field MUST contain an
natural person Subject’s name as
verified under Section 3.2.3. A
Certificate containing a
subject:givenName field or
subject:surname field MUST contain the
(2.23.140.1.2.3) Certificate Policy OID</u>.<u
class=""><o:p class=""></o:p></u></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">d.</u><span
class="Apple-converted-space"> </span>Certificate
Field: Number and street:
subject:streetAddress (OID: 2.5.4.9)<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Optional if the
subject:organizationName field<u class="">,
subject: givenName field, or
subject:surname field are</u><span
class="Apple-converted-space"> </span><s
class="">is</s>present. Prohibited if
the subject:organizationName field<u
class="">, subject:givenName, and
subject:surname field are</u><s class=""><span
class="Apple-converted-space"> </span>is</s><span
class="Apple-converted-space"> </span>absent.<o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span class="Apple-converted-space"> </span>Contents:
If present, the subject:streetAddress
field MUST contain the Subject’s street
address information as verified under
Section 3.2.2.1.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">e</u>. Certificate Field:
subject:localityName (OID: 2.5.4.7)<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Required if the subject:organizationName
field,<span class="Apple-converted-space"> </span><u
class="">subject:givenName field, or
subject:surname field are</u><span
class="Apple-converted-space"> </span><s
class="">is</s>present and the
subject:stateOrProvinceName field is
absent. Optional if the<u class="">subject:stateOrProvinceName
field and the subject:organizationName
field, subject:givenName field, or
subject:surname </u>field are present.
Prohibited if the subject:organizationName
field,<span class="Apple-converted-space"> </span><u
class="">subject:givenName, and
subject:surname field are<span
class="Apple-converted-space"> </span></u><s
class="">is</s><span
class="Apple-converted-space"> </span>absent.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Contents: If present, the
subject:localityName field MUST contain
the Subject’s locality information as
verified under Section 3.2.2.1. If the
subject:countryName field specifies the
ISO 3166‐1 user‐assigned code of XX in
accordance with Section 7.1.4.2.2(g), the
localityName field MAY contain the
Subject’s locality and/or state or
province information as verified under
Section 3.2.2.1.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">f</u>. Certificate Field:
subject:stateOrProvinceName (OID: 2.5.4.8)<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Required if the subject:organizationName
field field,<span
class="Apple-converted-space"> </span><u
class="">subject:givenName field, or
subject:surname field are</u><s class="">is<span
class="Apple-converted-space"> </span></s>present
and<span class="Apple-converted-space"> </span><u
class="">the<span
class="Apple-converted-space"> </span></u>subject:localityName
field is absent. Optional if the<span
class="Apple-converted-space"> </span><u
class="">subject:localityName field and
the subject:organizationName field, the
subject:givenName field, or
subject:surname field</u><span
class="Apple-converted-space"> </span>are
present. Prohibited if the
subject:organizationName field,<span
class="Apple-converted-space"> </span><u
class="">subject:givenName field , or
subject:surname field<span
class="Apple-converted-space"> </span></u>are<s
class=""><span
class="Apple-converted-space"> </span>is</s>absent.
Contents: If present, the
subject:stateOrProvinceName field MUST
contain the Subject’s state or province
information as verified under Section
3.2.2.1. If the subject:countryName field
specifies the ISO 3166‐1 user‐assigned
code of XX in accordance with Section
7.1.4.2.2(g), the
subject:stateOrProvinceName field MAY
contain the full name of the Subject’s
country information as verified under
Section 3.2.2.1.<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">g</u>. Certificate Field:
subject:postalCode (OID: 2.5.4.17)<o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Optional if the subject:organizationName,<span
class="Apple-converted-space"> </span><u
class="">subject:givenName field, or
subject:surname</u><span
class="Apple-converted-space"> </span>fields<span
class="Apple-converted-space"> </span><u
class="">are</u><span
class="Apple-converted-space"> </span><s
class="">is</s>present. Prohibited if
the subject:organizationName field,<span
class="Apple-converted-space"> </span><u
class="">subject:givenName field, or
subject:surname field are<span
class="Apple-converted-space"> </span></u><s
class="">is</s><span
class="Apple-converted-space"> </span>absent.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Contents: If present, the
subject:postalCode field MUST contain the
Subject’s zip or postal information as
verified under Section 3.2.2.1.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">h</u>. Certificate Field:
subject:countryName (OID: 2.5.4.6)<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Required if the subject:organizationName
field,<span class="Apple-converted-space"> </span><u
class="">subject:givenName , or
subject:surname field</u><span
class="Apple-converted-space"> </span>is
present. Optional if the
subject:organizationName field,<span
class="Apple-converted-space"> </span><u
class="">subject:givenName field</u>,
and <u class="">subject:surname field are</u><span
class="Apple-converted-space"> </span><s
class="">is</s>absent.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Contents: If the subject:organizationName
field is present, the subject:countryName
MUST contain the two‐letter ISO 3166‐1
country code associated with the location
of the Subject verified under Section
3.2.2.1. If the subject:organizationName, <u
class="">subject:givenName field, and
subject:surname</u> field <u
class="">are</u> <s
class="">is</s> absent,
the subject:countryName field MAY contain
the two‐letter ISO 3166‐1 country code
associated with the Subject as verified in
accordance with Section 3.2.2.3. If a
Country is not represented by an official
ISO 3166‐1 country code, the CA MAY
specify the ISO 3166‐1 user‐assigned code
of XX indicating that an official ISO
3166‐1 alpha‐2 code has not been assigned.</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">i</u>. Certificate Field:
subject:organizationalUnitName</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
Optional.</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<u class="">Contents:</u> The
CA SHALL implement a process that prevents
an OU attribute from including a name,
DBA, tradename, trademark, address,
location, or other text that refers to a
specific natural person or Legal Entity
unless the CA has verified this
information in accordance with Section 3.2
and the Certificate also contains
subject:organizationName, <u
class="">subject:givenName,
subject:surname,</u> subject:localityName,
and subject:countryName attributes, also
verified in accordance with Section
3.2.2.1.</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<o:p class=""> </o:p></div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
7.1.6.1</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
…</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
If the Certificate asserts the policy
identifier of 2.23.140.1.2.1, then it MUST
NOT include organizationName, <u
class="">givenName, surname,</u> streetAddress,
localityName, stateOrProvinceName, or
postalCode in the Subject field.</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
…</div>
<div style="margin: 0in 0in 0.0001pt;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">
<span class=""> </span></div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre class="" wrap="">_______________________________________________
Public mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org" style="color: rgb(149, 79, 114); text-decoration: underline;">Public@cabforum.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public" style="color: rgb(149, 79, 114); text-decoration: underline;">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br class="">
<div class="moz-signature" style="font-family:
Helvetica; font-size: 12px; font-style:
normal; font-variant: normal; font-weight:
normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none;
white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width:
0px; background-color: rgb(255, 255, 255);">
--<span class="Apple-converted-space"> </span><br
class="">
<p style="font-family: serif;" class="">Kind
regards,<br class="">
<br class="">
Adriano Santoni<br class="">
ACTALIS S.p.A.<br class="">
(Aruba Group)</p>
</div>
</div>
</blockquote>
</div>
<br class="">
</blockquote>
<br class="">
<div class="moz-signature">-- <br class="">
<p style="font-family: Serif" class="">Kind
regards,<br class="">
<br class="">
Adriano Santoni<br class="">
ACTALIS S.p.A.<br class="">
(Aruba Group)</p>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<p style="font-family: Serif">
Kind regards,<br>
<br>
Adriano Santoni<br>
ACTALIS S.p.A.<br>
(Aruba Group)</p>
</div>
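<p>The subject-field rules in the quoted ballot text (item h on subject:countryName and the Section 7.1.6.1 restriction for policy identifier 2.23.140.1.2.1) can be checked mechanically before issuance. The following is an added example, not part of the original message or of the Baseline Requirements; it applies the rules as worded in the redlined proposal, takes the Subject as (OID, value) pairs, and uses constructed sample subjects. The attribute OIDs other than 2.5.4.6 are the standard X.520 ones and do not appear in the message.</p>

```python
# Subject attribute OIDs (X.520); 2.5.4.6 is the one given in the ballot text.
OID = {
    "2.5.4.6": "countryName", "2.5.4.10": "organizationName",
    "2.5.4.42": "givenName", "2.5.4.4": "surname",
    "2.5.4.9": "streetAddress", "2.5.4.7": "localityName",
    "2.5.4.8": "stateOrProvinceName", "2.5.4.17": "postalCode",
}
DV_POLICY_OID = "2.23.140.1.2.1"  # policy identifier named in 7.1.6.1
DV_FORBIDDEN = {"organizationName", "givenName", "surname", "streetAddress",
                "localityName", "stateOrProvinceName", "postalCode"}
IDENTITY = {"organizationName", "givenName", "surname"}  # item h trigger set


def lint_subject(rdns, policy_oids):
    """Lint a Subject given as (attribute OID, value) pairs in RDN order.

    Returns a list of (rule, message) findings; an empty list means both
    checks passed. Unknown OIDs are ignored, empty values count as absent.
    """
    present = {}
    for oid, value in rdns:
        name = OID.get(oid)
        if name and value.strip():
            present.setdefault(name, []).append(value.strip())
    findings = []
    # Item h: countryName is required once any identity attribute is present.
    if IDENTITY & present.keys() and "countryName" not in present:
        findings.append(("h", "countryName missing"))
    # Item h contents, syntax only: two ASCII capitals ("XX" passes).
    for c in present.get("countryName", []):
        if not (len(c) == 2 and c.isascii() and c.isalpha() and c.isupper()):
            findings.append(("h", f"countryName {c!r} is not an upper-case two-letter code"))
    # 7.1.6.1: these attributes must not appear under the DV policy OID.
    if DV_POLICY_OID in policy_oids:
        for name in sorted(DV_FORBIDDEN & present.keys()):
            findings.append(("7.1.6.1", f"{name} present in a DV certificate"))
    return findings


# Constructed subjects (not real certificates).
IV_NO_COUNTRY = [("2.5.4.42", "John"), ("2.5.4.4", "Smith"), ("2.5.4.7", "Springfield")]
DV_WITH_NAME = [("2.5.4.3", "www.example.com"), ("2.5.4.4", "Smith"), ("2.5.4.6", "us")]

if __name__ == "__main__":
    for subject, policies in ((IV_NO_COUNTRY, []), (DV_WITH_NAME, [DV_POLICY_OID])):
        for rule, message in lint_subject(subject, policies):
            print(f"[{rule}] {message}")
```

<p>The country check is syntactic only; whether the code matches the verified location of the Subject remains a validation step under Section 3.2.</p>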
</body>
</html>