<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix"><br>
Hi Li-Chun, <br>
<br>
<br>
On 27/3/2017 4:27 μμ, 陳立群 wrote:<br>
</div>
<blockquote cite="mid:005d01d2a6fd$d14f5660$73ee0320$@cht.com.tw"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:新細明體;
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:細明體;
panose-1:2 2 5 9 0 0 0 0 0 0;}
@font-face
{font-family:細明體;
panose-1:2 2 5 9 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@新細明體";
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@細明體";
panose-1:2 2 5 9 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML 預設格式 字元";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:細明體;
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"註解方塊文字 字元";
margin:0cm;
margin-bottom:.0001pt;
font-size:9.0pt;
font-family:"Cambria","serif";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.HTML
{mso-style-name:"HTML 預設格式 字元";
mso-style-priority:99;
mso-style-link:"HTML 預設格式";
font-family:"Courier New";
color:black;}
span.a
{mso-style-name:"註解方塊文字 字元";
mso-style-priority:99;
mso-style-link:註解方塊文字;
font-family:"Cambria","serif";
color:black;}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.shorttext
{mso-style-name:short_text;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Dimitris,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> In Taiwan, according our Company Act,
the company name must be unique for the whole country<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><a moz-do-not-send="true"
href="http://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=J0080001">http://law.moj.gov.tw/Eng/LawClass/LawAll.aspx?PCode=J0080001</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:12.0pt"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">Please see Company Act article 18, such as “No
company may use a corporate name which is identical with
that of another company. “<o:p></o:p></span></p>
<p class="MsoNormal" style="text-indent:12.0pt"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="text-indent:12.0pt"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> There will be no two companies with the same
name such as “ABC company” in Taiwan. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> But what about in other country? Is it
allowed two company with same company name in Greece?</span></p>
</div>
</blockquote>
<br>
If we are talking about "Subject Identity", as in most countries, it
depends. At this point, we need to distinguish the "Company" with
the "Subject" entity. BRs 3.2.2.1 describe validation of the
identify of an "Organization". You realize that a "Company" is just
one form of an "Organization". That said, and as you have clearly
stated in your previous e-mails, some Organizations MUST be
registered at the country level (for example Universities, Central
Government Agencies/Units, maybe Medical Institutions) and cannot be
registered at any other level (State, County, City or other). If you
remember, I brought up this issue along with Wendy Brown from the
FPKI because some Government Agencies and Public organizations are
registered at a National Level so the Locality or State seems
unnecessary. Depending on the size of the country, this rule could
be expanded to Companies, as it appears to exist in Taiwan
(unfortunately I did not have time to verify this but others may
have done that already for Taiwan).<br>
<br>
We should clearly distinguish the "streetAddress" with the "Subject
Information". The mailing address must be any physical address
related to the Organization identified in the "Subject Information"
field as verified under 3.2.2.1. Since there is a clear attribute
for physical address, why should we mix this information into the
State or Locality Information?<br>
<br>
The current BRs don't mandate that the Subject Information must
uniquely Identify the Subject at a global or even a national scale.
Normally, this information would be included in 3.1.5 (Uniqueness of
names) and in several CP/CPS documents from various CAs you will see
that the uniqueness of the Subject DN is usually at the Issuing CA
level. Now, I've heard from CA/B Forum members that the
"rationale/intent" of the "State OR Locality" rule was in order to
have some information that uniquely identifies the Subject at a
certain level (State or City). From the 14-month discussion of this
topic, it is clear -at least to me- that this rationale/intent has
failed... It would make more sense to force inclusion of the
streetAddress field in OV Certificates rather than the "State or
Locality".<br>
<br>
I would not support Wen-Cheng’s proposal because it is overly
specific to X.500 directory. I think this exception should be
broader and allow for Organizations registered at a
"National-Government" level (which means unique at a National level
and no other Organizations can use the same Name at lower-levels) to
be exempt from State and Locality field.<br>
<br>
<br>
Best Regards,<br>
Dimitris.<br>
<br>
<br>
<blockquote cite="mid:005d01d2a6fd$d14f5660$73ee0320$@cht.com.tw"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p></o:p></span></p>
<pre><span style="font-family:"Calibri","sans-serif";color:#1F497D" lang="EN-US"><o:p> </o:p></span></pre>
<pre><span style="font-family:"Calibri","sans-serif";color:#1F497D" lang="EN-US"> In Taiwan, a corporation can be registered at country-level but can also be register at city/county-level. If there is a country-level corporation named “Farmer’s Association” of which physical address is located in Taipei City, with current Subject DN rule of BR, its Subject DN will be “C=TW, L=Taipei City, O=Farmer’s Association”. <o:p></o:p></span></pre>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> However, if there is also a
city/county-level “Farmer’s Association” in Taipei City, its
Subject DN will also be “C=TW, L=Taipei City, O=Farmer’s
Association”. How do you distinguish them by DN?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> So a better way is to let DN of the
corporation that registered at country-level be C=TW,
O=Farmer’s Association<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> And let DN of the corporation that
registered at city/county-level be<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US">C=TW, L=Taipei City, O=Farmer’s Association<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> Please see Annex B of ITU-T X.521
(Suggested name form and Directory information tree
structures), Please note path 1 -> 3, it suggests that
there is no need to include a Locality attribute in the
directory name for a corporation registered at
country-level.</span><span
style="font-family:細明體;color:windowtext" lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> We hope you can support Wen-Cheng’s <a
moz-do-not-send="true"
href="https://cabforum.org/pipermail/public/2017-March/010123.html">https://cabforum.org/pipermail/public/2017-March/010123.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">to add
a sub-section k under the section 7.1.4.2.2 Subject
Distinguished Nam Fields as follows:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">7.1.4.2.2
Subject Distinguished Nam Fields<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">……<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">k.
Accepting X.500 Directory Naming Conventions of Existing
PKIs<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">For
PKIs where the X.500 directory naming conventions are
adopted for subject distinguished names, the existing naming
rules of those PKIs are acceptable if the following
conditions are satisfied:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">i. the
naming rules can unambiguously identify the subject; and<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">ii.
only commonly-used naming attributes recommended by RFC
5280, RFC 3739, or ETSI EN 319 412 are used in the naming
rules.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<pre><span style="font-family:"Calibri","sans-serif";color:#1F497D" lang="EN-US"> or support Ben’s version as <a moz-do-not-send="true" href="https://cabforum.org/pipermail/public/2017-March/010215.html">https://cabforum.org/pipermail/public/2017-March/010215.html</a> that<o:p></o:p></span></pre>
<pre><span style="font-family:"Calibri","sans-serif";color:#1F497D" lang="EN-US"><o:p> </o:p></span></pre>
<pre style="text-indent:12.0pt"><span style="color:windowtext" lang="EN-US">adding the following sentence(s) to sections on localityName and stateOrProvinceName of SSL BR:<o:p></o:p></span></pre>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:細明體;color:windowtext" lang="EN-US">This
field is also optional if the organization is uniquely
identifiable by registration in a
national-government-adopted X.500 directory that does not
contain the [localityName/stateOrProvinceName] attribute.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> Please discuss. Thanks.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"> Li-Chun Chen<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#1F497D"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> Public
[<a class="moz-txt-link-freetext" href="mailto:public-bounces@cabforum.org">mailto:public-bounces@cabforum.org</a>] <b>On Behalf Of </b>Dimitris
Zacharopoulos via Public<br>
<b>Sent:</b> Wednesday, March 22, 2017 10:21 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:public@cabforum.org">public@cabforum.org</a><br>
<b>Cc:</b> Dimitris Zacharopoulos<br>
<b>Subject:</b> [</span><span
style="font-size:10.0pt;font-family:"新細明體","serif";color:windowtext">外部郵件</span><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">] Re: [cabfpub] Naming rules<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span
lang="EN-US">If both companies "ABC" are located in the same
city, then with current rules, there will be a DN collision,
right? I don't think you can avoid that with the current
BRs.<br>
<br>
Dimitris.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On 22/3/2017 3:56 μμ,
Jeremy Rowley via Public wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
lang="EN-US">Correct. For #5 to be true, #3 must be true
(which is still unclear), and OV must represent
jurisdiction of incorporation (which it doesn’t). </span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
name="_MailEndCompose"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
lang="EN-US"> </span><span lang="EN-US"><o:p></o:p></span></a></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif""
lang="EN-US"> Ryan Sleevi [<a moz-do-not-send="true"
href="mailto:sleevi@google.com">mailto:sleevi@google.com</a>]
<br>
<b>Sent:</b> Wednesday, March 22, 2017 7:33 AM<br>
<b>To:</b> CA/Browser Forum Public Discussion List <a
moz-do-not-send="true" href="mailto:public@cabforum.org"><public@cabforum.org></a><br>
<b>Cc:</b> Gervase Markham <a moz-do-not-send="true"
href="mailto:gerv@mozilla.org"><gerv@mozilla.org></a>;
Jeremy Rowley <a moz-do-not-send="true"
href="mailto:jeremy.rowley@digicert.com"><jeremy.rowley@digicert.com></a><br>
<b>Subject:</b> Re: [cabfpub] Naming rules</span><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">On Wed, Mar 22,
2017 at 9:30 AM, Jeremy Rowley via Public <<a
moz-do-not-send="true"
href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>>
wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #CCCCCC
1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US">There's one
important item that seems unclear to me. What I
took from reading Li Chun's message:<br>
<br>
1) Taiwan has a country-level registration<br>
2) Taiwan has a city-level registration<br>
3) The two are not mutually exclusive (ie ABC
Company at the country level might be a completely
different entity than ABC Company at the city
level)<br>
4) You want the BRs to distinguish whether
the ABC Company was registered with the country of
Taiwan vs. a city registration.<br>
5) If locality is included in a cert, the
actions of ABC Company (country) could be falsely
attributed to the ABC Company (local)<br>
<br>
I can't tell if #3 is true. If it is, then I can
see why we'd want to make the change. If #3 is not
true, then the change is only for convenience in
Taiwan.<o:p></o:p></span></p>
</blockquote>
<div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US">#5 is true if
and only if we view OV information to indicate
jurisdiction of incorporation. If it indicates
physical address, then #5 is not true, correct? <o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> <o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span
style="font-family:"新細明體","serif""
lang="EN-US"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">Public mailing list<o:p></o:p></span></pre>
<pre><span lang="EN-US"><a moz-do-not-send="true" href="mailto:Public@cabforum.org">Public@cabforum.org</a><o:p></o:p></span></pre>
<pre><span lang="EN-US"><a moz-do-not-send="true" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a><o:p></o:p></span></pre>
</blockquote>
<p class="MsoNormal"><span
style="font-family:"新細明體","serif""
lang="EN-US"><o:p> </o:p></span></p>
</div>
<br>
<div>
<div>本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件.
如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. </div>
<div>Please be advised that this email message (including any
attachments) contains confidential information and may be
legally privileged. If you are not the intended recipient,
please destroy this message and all attachments from your
system and do not further collect, process, or use them.
Chunghwa Telecom and all its subsidiaries and associated
companies shall not be liable for the improper or incomplete
transmission of the information contained in this email nor
for any delay in its receipt or damage to your system. If you
are the intended recipient, please protect the confidential
and/or personal information contained in this email with due
care. Any unauthorized use, disclosure or distribution of this
message in whole or in part is strictly prohibited. Also,
please self-inspect attachments and hyperlinks contained in
this email to ensure the information security and to protect
personal information.</div>
</div>
<div><br>
</div>
<div><br>
</div>
</blockquote>
<br>
</body>
</html>