<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:PMingLiU;
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:MingLiU;
panose-1:2 2 5 9 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"\@PMingLiU";
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"\@MingLiU";
panose-1:2 2 5 9 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"PMingLiU",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"PMingLiU",serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"PMingLiU",serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:24.0pt;
margin-bottom:.0001pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:0in;
mso-para-margin-left:2.0gd;
mso-para-margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"PMingLiU",serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"PMingLiU",serif;}
span.HTML
{mso-style-name:"HTML 預設格式 字元";
mso-style-priority:99;
mso-style-link:"HTML 預設格式";
font-family:"Courier New";}
p.HTML0, li.HTML0, div.HTML0
{mso-style-name:"HTML 預設格式";
mso-style-priority:99;
mso-style-link:"HTML 預設格式 字元";
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"PMingLiU",serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle27
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle28
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle29
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle30
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle31
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:173109177;
mso-list-template-ids:-1412144308;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:274675831;
mso-list-template-ids:-184506368;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:611017152;
mso-list-template-ids:-2062621822;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3
{mso-list-id:1586768173;
mso-list-template-ids:-883622694;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I like option 3 – both choices<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> public-bounces@cabforum.org [mailto:public-bounces@cabforum.org]
<b>On Behalf Of </b>Ben Wilson<br>
<b>Sent:</b> Thursday, August 25, 2016 11:53 AM<br>
<b>To:</b> 'CABFPub' <public@cabforum.org><br>
<b>Subject:</b> Re: [cabfpub] Suggestion to amend BR Section7.1.4.2.2d/e RE: EV Gudelines section 9.2.5 & X.520<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">All,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">This topic was discussed again today in the Policy Review Working Group.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Can we move this discussion toward a solution that works for Taiwanese entities? Here are a couple of suggestions:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">1 – exception based on government registry of unique names (e.g. an enumerated list of countries/jurisdictions/territories with centralized registries that ensure that an
organization name is unique in the entire country/jurisdiction)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2 – exception based on geographic size (e.g. an enumerated list of countries/jurisdictions/territories where the geographic area specified by the subject:countryName field
is below a threshold, for example, less than 200,000 sq. km.)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">3 – either of the above (both as options)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">4 – neither of the above (no change)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Are there other suggestions? Should we have a straw poll to see which one is favored before we draw up a ballot?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Ben<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
</span><span style="font-size:11.0pt;font-family:"MS Gothic"">陳立群</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> [<a href="mailto:realsky@cht.com.tw">mailto:realsky@cht.com.tw</a>]
<br>
<b>Sent:</b> Thursday, August 18, 2016 10:36 PM<br>
<b>To:</b> 'Kirk Hall' <<a href="mailto:Kirk.Hall@entrust.com">Kirk.Hall@entrust.com</a>>; Ben Wilson <<a href="mailto:ben.wilson@digicert.com">ben.wilson@digicert.com</a>>; 'Erwann Abalea' <<a href="mailto:Erwann.Abalea@docusign.com">Erwann.Abalea@docusign.com</a>><br>
<b>Cc:</b> 'CABFPub' <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br>
<b>Subject:</b> RE: [cabfpub] Suggestion to amend BR Section7.1.4.2.2d/e RE: EV Gudelines section 9.2.5 & X.520<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">Thanks for Ben and Kirk.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">I also need comments about below two discussion.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><a href="https://cabforum.org/pipermail/public/2016-August/008224.html">https://cabforum.org/pipermail/public/2016-August/008224.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><a href="https://cabforum.org/pipermail/public/2016-August/008225.html">https://cabforum.org/pipermail/public/2016-August/008225.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> Li-Chun CHEN<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:ZH-TW">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:ZH-TW"> Kirk Hall [<a href="mailto:Kirk.Hall@entrust.com">mailto:Kirk.Hall@entrust.com</a>]
<br>
<b>Sent:</b> Friday, August 19, 2016 5:27 AM<br>
<b>To:</b> 'Ben Wilson'; '</span><span lang="ZH-TW" style="font-size:10.0pt;mso-fareast-language:ZH-TW">陳立群</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:ZH-TW">'; 'Erwann Abalea'<br>
<b>Cc:</b> 'CABFPub'<br>
<b>Subject:</b> RE: [cabfpub] Suggestion to amend BR Section7.1.4.2.2d/e RE: EV Gudelines section 9.2.5 & X.520<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">Thanks, Ben.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">Just thinking this through, Canada allows corporations to be created at the federal level (and also, separately, at the provincial
level, but no corporation would do both). So in theory Foobar Corp. could be a federal corporation in Canada, so the cert would show:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">O= Foobar Corp.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">L=<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">S=<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">C= CA<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">Is that right?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">In Canada, I suspect that there could be a separate Foobar Corp. created and registered in the Province of Ontario (they would be unique
corporations) – at least, it is possible in the US for all 50 states to incorporate separate Foobar Corps.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">Initially, I thought that could be a problem for Li-Chun’s proposed amendment to BR 7.1.4.2.2 – but now I think his amendment could
work. Here is how it is worded:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">[The localityName and stateOrProvinceName is optional when the subject:organizationName and subject:countryName fields
are present if ]:</span></i><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">“(b) the country/jurisdiction specified by the subject:countryName field has a centralized registry t<span style="background:yellow;mso-highlight:yellow">hat
ensures that the organization name specified by the subject:organizationName field is unique in the entire country/jurisdiction</span>.”<span style="color:#1F497D"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">Canada and the US do not have a centralized registry like that, so you could not omit the L or S field from organizations there. But
if Taiwan DOES have a registry that ensures unique naming for an organization throughout Taiwan, and if any user could look up details of that unique corporation named in the cert with the central registry, then I think the L and S data safely could be omitted.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">
<a href="mailto:public-bounces@cabforum.org">public-bounces@cabforum.org</a> [<a href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>]
<b>On Behalf Of </b>Ben Wilson<br>
<b>Sent:</b> Thursday, August 18, 2016 12:47 PM<br>
<b>To:</b> </span><span lang="ZH-TW" style="font-size:11.0pt;font-family:"MS Gothic";mso-fareast-language:ZH-TW">陳立群</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW"> <<a href="mailto:realsky@cht.com.tw">realsky@cht.com.tw</a>>;
'Erwann Abalea' <<a href="mailto:Erwann.Abalea@docusign.com">Erwann.Abalea@docusign.com</a>><br>
<b>Cc:</b> 'CABFPub' <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br>
<b>Subject:</b> Re: [cabfpub] Suggestion to amend BR Section7.1.4.2.2d/e RE: EV Gudelines section 9.2.5 & X.520<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">Recirculating this because it came up briefly during today’s call. The current status is that Li-Chun requests an amendment to BR Section7.1.4.2.2d/e
to make localityName and stateOrProvinceName optional when the subject:organizationName and subject:countryName fields are present if “(b) the country/jurisdiction specified by the subject:countryName field has a centralized registry that ensures that the
organization name specified by the subject:organizationName field is unique in the entire country/jurisdiction.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW">
</span><span lang="ZH-TW" style="font-size:11.0pt;font-family:"MS Gothic";mso-fareast-language:ZH-TW">陳立群</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;mso-fareast-language:ZH-TW"> [<a href="mailto:realsky@cht.com.tw">mailto:realsky@cht.com.tw</a>]
<br>
<b>Sent:</b> Thursday, July 28, 2016 4:57 AM<br>
<b>To:</b> 'Erwann Abalea' <<a href="mailto:Erwann.Abalea@docusign.com">Erwann.Abalea@docusign.com</a>><br>
<b>Cc:</b> 'CABFPub' <<a href="mailto:public@cabforum.org">public@cabforum.org</a>>; Ben Wilson <<a href="mailto:ben.wilson@digicert.com">ben.wilson@digicert.com</a>><br>
<b>Subject:</b> RE: [cabfpub] Suggestion to amend BR Section7.1.4.2.2d/e RE: EV Gudelines section 9.2.5 & X.520<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW">
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:12.0pt"><span style="font-family:MingLiU;mso-fareast-language:ZH-TW">1. In RFC 3739-</span><span style="mso-fareast-language:ZH-TW">
</span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW">Internet X.509 Public Key Infrastructure: Qualified Certificates Profile<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:MingLiU;mso-fareast-language:ZH-TW">2.4.</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"> Uniqueness of names<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"> Distinguished name is originally defined in X.501 [X.501] as a</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW">
representation of a directory name, defined as a construct that<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:MingLiU;mso-fareast-language:ZH-TW">identifies a particular object from among a set of all objects.</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW">
<span style="color:red">The distinguished name MUST be unique for each subject entity certified by the one CA as defined by the issuer name field</span>,
<span style="color:red">for the whole life</span></span><span style="font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW"> </span><span style="color:red;mso-fareast-language:ZH-TW"> time of the CA.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW">
<b><span style="color:red">So it need not as you said that the erialNumber attribute in Subject Name should be shared among all CAs.
<o:p></o:p></span></b></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"> But in previous discussion and meeting, we have find Peter<span lang="ZH-TW">’</span>s The UPU guidance may
not be useful. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"> 2. You said why not change to use EV SSL certificate, but maybe some countries setup their government but
they only want to issue OV SSL certificates. <o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:.25in"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW">The White House has mandated that all public-facing Web sites of the federal government
must implement HTTPS within the next two years from last year. But you can see <a href="https://www.whitehouse.gov/">
https://www.whitehouse.gov/</a>, it is an OV wild card SSL certificate installed.
</span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> 3. We only reflect a fact that Taiwan’s government has set up their GPKI’s certificates profile, rule for DN and DIT more than twelve years,
and 2.16.886 you said are in Subject Directory Attribute, they are for government entities’ certificates’ applications, not for web SSL certificates.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> If our government changes their representation of Subject DN as current BR, they will confusion and conflict for government entities certificates
such as associate private key stored in IC card.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:12.0pt"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">Please see the proposed amend versions of BR Section7.1.4.2.2d/e by Ben or Wen-Cheng, again as below, just release the BR
for small countries/jurisdictions, if they do not set up any state or province in their law or government entities. Or if the subject:organizationName and subject:countryName fields are present and the country/jurisdiction specified by the subject:countryName
field has a centralized registry for that kind of organizations so that the organization name specified by the subject:organizationName field is "unique" in the entire country/jurisdiction.
<o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:12.0pt"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">And to prevent that some CAs misplaced absence province or state name in subject name.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> The amended version will not affect other CAs that use current BR rule to interpret Subject DN.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> Or we can use the minimum set of Subject Name concept of ETSI’s legal or web SSL certificates profiles as Moudrick offered
those documents. <u><a href="https://portal.etsi.org/TBSiteMap/ESI/ESIActivities.aspx">https://portal.etsi.org//TBSiteMap/ESI/ESIActivities.aspx</a></u>
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in"><span lang="ZH-TW" style="color:#1F497D;mso-fareast-language:ZH-TW">–</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1F497D;mso-fareast-language:ZH-TW">
</span><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">ETSI EN 319 412-1 "Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 1: Overview and common data structures".<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in"><span lang="ZH-TW" style="color:#1F497D;mso-fareast-language:ZH-TW">–</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1F497D;mso-fareast-language:ZH-TW">
</span><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> ETSI EN 319 412-3 "Electronic Signatures and Infrastructures (ESI); Certificate Profiles; Part 3: Certificate profile for certificates issued to legal persons".<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in"><span lang="ZH-TW" style="color:#1F497D;mso-fareast-language:ZH-TW">–</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:#1F497D;mso-fareast-language:ZH-TW">
</span><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW">C.319 412-4 v1.1.1: Certificate profile for web site certificates issued to organisations<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="1440" style="width:10.0in;border-collapse:collapse">
<tbody>
<tr style="height:29.2pt">
<td width="720" valign="top" style="width:5.0in;border:solid white 1.0pt;border-bottom:solid white 3.0pt;background:#00CC99;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:white">BR V1.3.4</span></b><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</td>
<td width="720" valign="top" style="width:5.0in;border-top:solid white 1.0pt;border-left:none;border-bottom:solid white 3.0pt;border-right:solid white 1.0pt;background:#00CC99;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:white">Dr. Ben Wilson of DigiCert</span></b><b><span style="font-size:18.0pt;color:white">’</span></b><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:white">s
version</span></b><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</td>
</tr>
<tr style="height:29.2pt">
<td width="720" valign="top" style="width:5.0in;border:solid white 1.0pt;border-top:none;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.2 Subject Distinguished Name Fields</span></b><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">d. Certificate Field:
</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">subject:localityName (OID: 2.5.4.7)
</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"> if the subject:organizationName field
is present and the subject:stateOrProvinceName field is absent.</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"> if the subject:organizationName and subject:stateOrProvinceName
fields are present.</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">e. Certificate Field:
</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">subject:stateOrProvinceName (OID: 2.5.4.8)</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required
</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">if the subject:organizationName field is present and subject:localityName field is absent.</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional
</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">if subject:organizationName and subject:localityName fields are present.</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</td>
<td width="720" valign="top" style="width:5.0in;border-top:none;border-left:none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.2 Subject Distinguished Name Fields</span></b><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">d.Certificate Field:</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"> subject:localityName (OID:
2.5.4.7) </span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"> if the subject:organizationName field
is present and the subject:stateOrProvinceName field is absent.</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional
</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">if: (a) the subject:organizationName and subject:stateOrProvinceName fields are present,
</span><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:blue">or (b) if the country name provided under subsection g. is Taiwan (TW), Singapore (SG)[Note 2], etc..</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:18.0pt;font-family:"Times New Roman",serif;color:black"> </span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">e.Certificate Field:</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"> subject:stateOrProvinceName
(OID: 2.5.4.8) </span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required if the subject:organizationName field is present and subject:localityName field is absent.</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional
</span></b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">if: (a) subject:organizationName and subject:localityName fields are present</span><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:blue">, or (b) if
the country name provided under subsection g. is Taiwan (TW), Singapore (SG), etc..</span><span style="font-size:18.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</td>
</tr>
<tr style="height:29.2pt">
<td width="720" valign="top" style="width:5.0in;border:solid white 1.0pt;border-top:none;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">V1.3.4<o:p></o:p></span></b></p>
</td>
<td width="720" valign="top" style="width:5.0in;border-top:none;border-left:none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Dr. Wen-Cheng Wang of Chunghwa Telecom</span></b><b><span style="font-size:18.0pt;color:black">’</span></b><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">s
Version<o:p></o:p></span></b></p>
</td>
</tr>
<tr style="height:29.2pt">
<td width="720" valign="top" style="width:5.0in;border:solid white 1.0pt;border-top:none;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.2 Subject Distinguished Name Fields<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">d. Certificate Field: subject:localityName (OID: 2.5.4.7)
<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required if the subject:organizationName field is present and the subject:stateOrProvinceName field is absent.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional if the subject:organizationName and subject:stateOrProvinceName fields are present.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">e. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required if the subject:organizationName field is present and subject:localityName field is absent.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional if subject:organizationName and subject:localityName fields are present.<o:p></o:p></span></b></p>
</td>
<td width="720" valign="top" style="width:5.0in;border-top:none;border-left:none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.2 Subject Distinguished Name Fields<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">d.Certificate Field: subject:localityName (OID: 2.5.4.7)
<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required if the subject:organizationName field is present and the subject:stateOrProvinceName field is absent.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional if: (a) the subject:organizationName and subject:stateOrProvinceName fields are or (b) if the subject:organizationName and subject:countryName
fields are present and the country/jurisdiction specified by the subject:countryName field has a centralized registry for that kind of organizations so that the organization name specified by the subject:organizationName field is "unique" in the entire country/jurisdiction.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Normally, situation (b) may exist in small countries/jurisdictions such as Singapore (SG), Taiwan (TW), etc.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Times New Roman",serif;color:black"> </span></b><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></b></p>
</td>
</tr>
<tr style="height:29.2pt">
<td width="720" valign="top" style="width:5.0in;border:solid white 1.0pt;border-top:none;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">V1.3.4<o:p></o:p></span></b></p>
</td>
<td width="720" valign="top" style="width:5.0in;border-top:none;border-left:none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Dr. Wen-Cheng Wang of Chunghwa Telecom</span></b><b><span style="font-size:18.0pt;color:black">’</span></b><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">s
Version<o:p></o:p></span></b></p>
</td>
</tr>
<tr style="height:29.2pt">
<td width="720" valign="top" style="width:5.0in;border:solid white 1.0pt;border-top:none;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
</td>
<td width="720" valign="top" style="width:5.0in;border-top:none;border-left:none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;background:#CBECDE;padding:.05in .1in .05in .1in;height:29.2pt">
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">7.1.4.2.2 Subject Distinguished Name Fields<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Times New Roman",serif;color:black"> </span></b><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">e.Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)
<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Required if the subject:organizationName field is present and subject:localityName field is absent.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Optional if: (a) subject:organizationName and subject:localityName fields are present, or (b) if the subject:organizationName and subject:countryName
fields are present and the country/jurisdiction specified by the subject:countryName field has a centralized registry for that kind of organizations so that the organization name specified by the subject:organizationName field is "unique" in the entire country/jurisdiction.<o:p></o:p></span></b></p>
<p style="margin:0in;margin-bottom:.0001pt"><b><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Normally, situation (b) may exist in small countries/jurisdictions such as Singapore (SG), Taiwan (TW), etc.<o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:.5in"><span style="mso-fareast-language:ZH-TW">Li-Chun CHEN</span><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:ZH-TW">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:ZH-TW"> Erwann Abalea [<a href="mailto:Erwann.Abalea@docusign.com">mailto:Erwann.Abalea@docusign.com</a>]
<br>
<b>Sent:</b> Thursday, July 21, 2016 12:32 AM<br>
<b>To:</b> </span><span lang="ZH-TW" style="font-size:10.0pt;mso-fareast-language:ZH-TW">陳立群</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;mso-fareast-language:ZH-TW"><br>
<b>Cc:</b> CABFPub; Ben Wilson<br>
<b>Subject:</b> Re: [cabfpub] Suggestion to amend BR Section7.1.4.2.2d/e RE: EV Gudelines section 9.2.5 & X.520<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Bonjour, <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">See my answers inline.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Cordialement,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Erwann Abalea<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Le 20 juil. 2016 <span lang="ZH-TW">
à</span> 11:48, <span lang="ZH-TW">陳立群</span> <<a href="mailto:realsky@cht.com.tw">realsky@cht.com.tw</a>> a
<span lang="ZH-TW">é</span>crit :<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#0070C0;mso-fareast-language:ZH-TW"> I reply as below, for readers easily to see what Erwann wrote were (<a href="https://cabforum.org/pipermail/public/2016-July/007996.html"><span style="color:purple">https://cabforum.org/pipermail/public/2016-July/007996.html</span></a>)
, what I reply now are, I suggest to read attached pdf file, what I reply are in red or blue color.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">Bonsoir,</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">About small countries that haven</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">t
set up any state or province.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">X.520 definition for the stateOrProvinceName attribute is (from 201210 edition):</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">The State or Province Name attribute type specifies a state or province. When used as a component of a directory name, it identifies a geographical subdivision
in which the named object is physically located or with which it is associated in some other important way.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">«Geographical subdivision » can mean anything. Maybe some would disagree, but I think that a CA can stretch it pretty easily while respecting the BRs.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">If you want to follow the intent of the « province », since this latin-based word designates an administrative subdivision, it can even be a city or a village,
and doesn</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">t necessarily mean a State in the US way. All the countries listed in Note 2 have cities.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW">=====><span class="apple-converted-space"><b> </b></span><b>I think X.520 clearly specifies that 'The State or Province Name attribute type specifies
a state or province.' (This is the first sentence of the stateOrProvinceName</b></span><b><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> <span style="color:red">definition in X.520.) Should CAB Forum encourage the ambiguity that
CAs may put the name of administrative subdivision at any level (such as a city, a county, a town, or a village) into stateOrProvinceName</span> <span style="color:red">attribute? No, I don't think so.</span></span></b><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">But X.520 doesn<span lang="ZH-TW">’</span>t define what a state or a province is or isn<span lang="ZH-TW">’</span>t. Nor does X.520 define what is or isn<span lang="ZH-TW">’</span>t a valid country,
or what is or isn<span lang="ZH-TW">’</span>t a valid organization.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">X.520 defines a set of attributes, organizes them into types (labelling, geographical, organizational, etc), and gives some guidance on the intent of these attributes.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Looking at different sources to get the definition of
</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">«</span><span style="mso-fareast-language:ZH-TW"> province</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> »</span><span style="mso-fareast-language:ZH-TW">,
they all agree on the fact that a province is at least an administrative division of a country. The Oxford Dictionary of English defines province as
</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">« </span><span style="mso-fareast-language:ZH-TW">a principal administrative division of a country or empire</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> »</span><span style="mso-fareast-language:ZH-TW">
(here, principal is still subjective). A county, town, city, or even a village is an administrative division. In small countries, city may be the highest level of administrative division.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">X.520 hasn<span lang="ZH-TW">’</span>t defined an attribute intended to hold a brand name (DBA), and the CABForum has decided that the organizationName attribute can hold either the legal name (complete
or with abbreviations) or the brand name, and even a natural person<span lang="ZH-TW">’</span>s name (for IV certs).<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">About the uniqueness of an organizationName at a country level.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">OV/IV certificates are not meant to unambiguously identify the subject named in the certificate. That role is left for EV certificates.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;color:#1F497D;mso-fareast-language:ZH-TW">====><span class="apple-converted-space"> </span></span><b><span style="font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW">I
am really surprised to see the interpretation that 'OV/IV certificates are not meant to unambiguously identify the subject named in the certificate' in the CAB Forum. Is this a common cognition of the CAB Forum? The fundamental function of a public-key certificate
is to assert the binding between the subject identity and its public key, isn't it?</span></b><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Yes. Assert a binding between a public key and an identity, and verify that the applicant has the right to claim this identity. Not assert that this identity is not shared with someone else. Not
assert that the bound name is the only possible representation of the entity<span lang="ZH-TW">’</span>s name.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">If you need these guarantees, then you need to define a set of name canonicalization rules.<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW">The value of a CA in the internet community is to act as a Trusted Third Party (TTP) which is responsible to verify the identity of the subject and
then guarantee the binding between the subject identity and its public key.</span></b><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Again, that<span lang="ZH-TW">’</span>s right. The CA verifies the claimed identity, and binds it with the public key. Nothing more for DV/OV/IV.<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW">I think that OV/IV certificates still need to unambiguously identify the subject named in the certificate. The difference between OV/IV certificates
and EV certificates is that they provide different level of assurance regarding the identity information verified. I understand that there does not exist a global X.500 directory. However, A CA should still make its best to unambiguously identify the subject
named in the OV/IV certificate. At least, the CA should guarantee that two different entities never share the same subject DN, otherwise how the relying parties can distinguish which organization/individual is actually behind the OV/IV certificate?</span></b><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">This is the purpose of EV. Attributes have been defined to hold the incorporation/registration informations, the business category is included in the name, and a non ambiguous naming scheme has been
defined.<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">I have replied in previous email to Peter in </span><span style="mso-fareast-language:ZH-TW"><a href="https://cabforum.org/pipermail/public/2016-June/007897.html" target="_blank"><span style="font-family:"Times New Roman",serif;color:purple">https://cabforum.org/pipermail/public/2016-June/007897.html</span></a></span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW"> as
below</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="text-indent:12.0pt"><i><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">For IV SSL certificate or citizen certificates, we can add unique serial number in Subject Distinguished Names to two
different entities have the same names. (You said EV SSL certificates solve the problem, but don</span></i><i><span lang="ZH-TW" style="color:blue;mso-fareast-language:ZH-TW">’</span></i><i><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">t
forget that EV SSL Certificates will not be issued to individuals, only be issued to Private Organization, Government Entities, Business entities and non-profit international organizations</span></i><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Let<span lang="ZH-TW">’</span>s suppose it's something we want to do for DV/OV/IV.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">We can add such a unique serialNumber attribute. This serialNumber needs to be shared among all CAs, either by constituting a common database, or by combining some sort of identification document
type (ID card, passport, whatever) and the number. If we don<span lang="ZH-TW">’</span>t have this globally unique number, then CA1 could assign serialNumber 1 for user A, CA2 could assign serialNumber 1 to user B, user A and user B could be homonyms, and
the desired goal isn<span lang="ZH-TW">’</span>t achieved (relying party is unable to distinguish the identities).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Is that something we want for natural persons, worldwide?<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="text-indent:.25in"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">Note that in<span class="apple-converted-space"> </span></span><span style="mso-fareast-language:ZH-TW"><a href="https://cabforum.org/pipermail/public/2016-July/007912.html" target="_blank"><span style="font-family:"Times New Roman",serif;color:purple">https://cabforum.org/pipermail/public/2016-July/007912.html</span></a></span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">,
I have replied to Peter in RFC 3739 there are Qualified Certificates Profiles.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<pre><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">I suggest you to read </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p></o:p></span></pre>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">I know about Qualified Certificates. CABF OV/IV are not Qualified Certificates. Even EV are not Qualified Certificates. I don<span lang="ZH-TW">’</span>t want to impose Qualified Certificates to
every CA.<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<pre><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">3.1.2. Subject</span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p></o:p></span></pre>
<pre><span style="font-family:"Courier New";mso-fareast-language:ZH-TW"> </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p></o:p></span></pre>
<pre><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">The serialNumber attribute type SHALL, when present, be used to differentiate between names where the subject field would otherwise be identical. This attribute has no defined semantics beyond ensuring uniqueness of subject names. It MAY contain a number or code assigned by the CA or an identifier assigned by a government or civil authority. It is the CA's responsibility to ensure that the serialNumber is sufficient to resolve any subject name collisions.</span><span style="font-family:"Courier New";mso-fareast-language:ZH-TW"> </span><span style="font-family:MingLiU;mso-fareast-language:ZH-TW"><o:p></o:p></span></pre>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Now, the relying party will be able to distinguish identity A and identity B even when names are shared (homonyms, company name, brands), but within a given CA only. In a sense, what will be unique
is the combination issuerName+subjectName, not subjectName alone.<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="text-indent:12.0pt"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">So for Taiwan</span><span lang="ZH-TW" style="color:blue;mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">s
GPKI, we can resolve any subject name collisions for government entities</span><span lang="ZH-TW" style="color:blue;mso-fareast-language:ZH-TW">’</span><span class="apple-converted-space"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW"> </span></span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">SSL
certificates or citizen certificates more than 13 years.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">For example, in an IV certificate, there can be more than one individuals named John Malkovich, living in the same country, same province, same city. Only one
of them will obviously be able to have the</span><span style="mso-fareast-language:ZH-TW"><a href="http://johnmalkoti.ch/" target="_blank"><span style="font-family:"Times New Roman",serif;color:purple">johnmalkoti.ch</span></a></span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> domain,
if it exists (it doesn</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">t).</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">Talking about OV certificates, even if it</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">s
not possible to have 2 companies with the same name in the same jurisdiction, it</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">s possible to have 2 certificates
having the same name representing 2 different entities. For example «C=UT, ST=MyVillage, O=XXXX», if XXXX is both a company and a brand (DBA).</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">Combine OV and IV, and «C=UT, ST=MyVillage, O=XXXX» can represent 3 different things, if XXXX is also the full name of an individual and the CA chooses to place
this full name in the O field instead of GN/SN. (for a country named Utopia)</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">The rule for an OV/IV is something like « if you can provide evidence of the claimed identity, it</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">s
good».</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">Again, if you want to disambiguate claimed identities, you</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">re
free to add other attributes, or provide an EV certificate.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">I don</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">t support
the proposed BR changes, they only add complexity without any real benefit.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">Looking at the example certificates:</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l3 level1 lfo3"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">certificate 1 is not problematic; if you want a less cluttered certificate, go for a DV; wether VA is really a country or not
is left as an exercise (it</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">s a territory for me, but I</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">m
not so difficult)</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></li></ul>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">===>VA is really a country, they don</span><span lang="ZH-TW" style="color:blue;mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">t
set up a government entity whose legal name is called Vatican City<span class="apple-converted-space"> </span></span><span style="font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW">State</span><span class="apple-converted-space"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW"> </span></span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">or
Vatican City<span class="apple-converted-space"> </span></span><span style="font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW">Province</span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">, but </span><span style="mso-fareast-language:ZH-TW"><a href="https://crt.sh/?q=98+ef+2b+4c+43+39+ae+04+3b+bd+55+08+59+b2+b7+b4+ee+76+cb+af" target="_blank"><span style="font-family:"Times New Roman",serif;color:purple">https://crt.sh/?q=98+ef+2b+4c+43+39+ae+04+3b+bd+55+08+59+b2+b7+b4+ee+76+cb+af</span></a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">A country without a government?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">The government is the Holy See, maintains diplomatic relations with other states, has an observer status at UN (non-member), and its sovereign territory is the Vatican.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">The Vatican is only a territory.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">I<span lang="ZH-TW">’</span>m sure attorneys and jurists following the list may find interest reading about the situation of Holy See and Vatican.<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">The Subject DN is<br>
commonName=*.catholica.va<br>
organizationName=Department of Telecommunications<br>
localityName=Vatican City<br>
stateOrProvinceName=Vatican City<span class="apple-converted-space"> </span></span><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:red;mso-fareast-language:ZH-TW">State</span><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW"><br>
countryName =VA</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">The subject DN should be</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">commonName=*.catholica.va<br>
organizationName=Department of Telecommunications<br>
countryName =VA</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">It is enough to identify the domain name owner in Vatican.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">What is your goal? Asserting the smallest unambiguous possible name, or assert a correct name? OV/EV/IV goal is the second.<o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l2 level1 lfo6"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">certificate 2 is not wrong per se; Taichung City being a geographical subdivision of Taiwan, an administrative division, and a
city, it</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">s not wrong to have Taichung in both the ST and L attributes<span class="apple-converted-space"> </span></span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">—</span><span class="apple-converted-space"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"> </span></span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">second
example is « ST=Taiwan, L=Kaohsiung»; Taiwan being a province of the Taiwan country, and Kaohsiung being a city, it</span><span lang="ZH-TW" style="mso-fareast-language:ZH-TW">’</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">s
not wrong</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></li></ul>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">===>Taichung City and Kaohsiung City are 6 special municipalities (Traditional<span class="apple-converted-space"> </span></span><span style="mso-fareast-language:ZH-TW"><a href="https://en.wikipedia.org/wiki/Traditional_Chinese_characters" target="_blank" title="Traditional Chinese characters"><span style="font-family:"Times New Roman",serif;color:purple;text-decoration:none">Chinese</span></a></span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">:<span class="apple-converted-space"> </span></span><span lang="ZH-TW" style="color:blue;mso-fareast-language:ZH-TW">直轄市</span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">)
or called<span class="apple-converted-space"> </span></span><span style="mso-fareast-language:ZH-TW"><a href="https://en.wikipedia.org/wiki/Executive_Yuan" target="_blank" title="Executive Yuan"><span style="font-family:"Times New Roman",serif;color:purple;text-decoration:none">Yuan</span></a></span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">-controlled
municipalities (</span><span lang="ZH-TW" style="color:blue;mso-fareast-language:ZH-TW">院轄市</span><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">),theYuan is referred to the Executive Yuan. Special municipalities have
the rank of province. </span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">[…]</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">isions of this Act, or to matters that are to be handled by such bodies in accordance with law and where such bodies are responsible for policy formulation
and implementation.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="text-indent:.25in"><span style="font-family:"Times New Roman",serif;color:blue;mso-fareast-language:ZH-TW">For government entity's DN and OID, our government set up a site at<span class="apple-converted-space"> </span><a href="http://oid.nat.gov.tw/"><span style="color:purple">oid.nat.gov.tw</span></a>,
it is UTF 8 code in Traditional Chinese. It is no need to put S=Taiwan in DN for entities under Taichung City and Kaohsiung City.</span><span style="mso-fareast-language:ZH-TW"><o:p></o:p></span></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">And this government failed to follow normalized practice.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">The OID arc 2.16 is governed by rules listed in X.660, and those rules were not followed. 2.16.886 is NOT an OID that the government of Taiwan can use.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW">Yet you want to write rules that cover the 200+ countries and their particularities, and ask all CAs to follow them<span lang="ZH-TW">…</span><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">本信件可能包含中華電信股份有限公司機密資訊</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">,</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">非指定之收件者</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">,</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">請勿蒐集、處理或利用本信件</span><span lang="ZH-TW" style="font-family:SimSun;mso-fareast-language:ZH-TW">內容</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">,</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">並請銷毀此信件</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">.
</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">如為指定收件者</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">,</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">應確實保護郵件中本公司之營業機密及個人資料</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">,</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">不得任意傳佈或揭露</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">,</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">並應自行確認本郵件之附檔與超連結之安全性</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">,</span><span lang="ZH-TW" style="font-family:"MS Gothic";mso-fareast-language:ZH-TW">以共同善盡資訊安全與個資保護責任</span><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW">Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended
recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission
of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use,
disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif;mso-fareast-language:ZH-TW"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"MS Gothic"">本信件可能包含中華電信股份有限公司機密資訊</span><span style="font-family:"Times New Roman",serif">,</span><span style="font-family:"MS Gothic"">非指定之收件者</span><span style="font-family:"Times New Roman",serif">,</span><span style="font-family:"MS Gothic"">請勿蒐集、處理或利用本信件</span><span style="font-family:SimSun">內容</span><span style="font-family:"Times New Roman",serif">,</span><span style="font-family:"MS Gothic"">並請銷毀此信件</span><span style="font-family:"Times New Roman",serif">.
</span><span style="font-family:"MS Gothic"">如為指定收件者</span><span style="font-family:"Times New Roman",serif">,</span><span style="font-family:"MS Gothic"">應確實保護郵件中本公司之營業機密及個人資料</span><span style="font-family:"Times New Roman",serif">,</span><span style="font-family:"MS Gothic"">不得任意傳佈或揭露</span><span style="font-family:"Times New Roman",serif">,</span><span style="font-family:"MS Gothic"">並應自行確認本郵件之附檔與超連結之安全性</span><span style="font-family:"Times New Roman",serif">,</span><span style="font-family:"MS Gothic"">以共同善盡資訊安全與個資保護責任</span><span style="font-family:"Times New Roman",serif">. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif">Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy
this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained
in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution
of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
</div>
</div>
</body>
</html>