<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-2022-jp"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:"Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"MS PGothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:"\@Yu Gothic";
panose-1:2 11 4 0 0 0 0 0 0 0;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@MS Gothic";
panose-1:2 11 6 9 7 2 5 8 2 4;}
@font-face
{font-family:"\@MS PGothic";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"MS PGothic",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"MS Gothic";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:12.0pt;
font-family:"MS PGothic",sans-serif;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.EmailStyle26
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1745909603;
mso-list-type:hybrid;
mso-list-template-ids:-1067559212 -1742704642 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0D8;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;
mso-fareast-font-family:"Yu Gothic";
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink=purple style='word-wrap:break-word'><div class=WordSection1><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='color:black;margin-left:0in;mso-list:l0 level1 lfo1;background:white'><span style='font-family:"Calibri",sans-serif'>I think it correctly states ISO 3166-2 but it incorrectly assumes that the subdivision has a length of two.<o:p></o:p></span></li></ul><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Looks like this is an error that was originally introduced in the EVGs for orgID. EVG 9.2.8 says:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>$B!H(BFor the NTR Registration Scheme identifier, if required under Section 9.2.4, a 2 character ISO<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>3166$B!>(B2 identifier for the subdivision (state or province) of the nation in which the Registration<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Scheme is operated, preceded by plus $B!H(B+$B!I(B (0x2B (ASCII), U+002B (UTF$B!>(B8));$B!I(B<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>We should fix that too (CC$B!G(Bing servercert-wg).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Thanks,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>Corey<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Smcwg-public <smcwg-public-bounces@cabforum.org> <b>On Behalf Of </b>Paul van Brouwershaven via Smcwg-public<br><b>Sent:</b> Tuesday, April 4, 2023 5:03 AM<br><b>To:</b> Bruce Morton <bruce.morton@entrust.com>; SMIME Certificate Working Group <smcwg-public@cabforum.org>; Dimitris Zacharopoulos (HARICA) <dzacharo@harica.gr><br><b>Subject:</b> Re: [Smcwg-public] [EXTERNAL] Re: orgID - Government entities<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal style='background:white'><span style='font-family:"Calibri",sans-serif;color:black'>ISO 3166-1 is the country code<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='font-family:"Calibri",sans-serif;color:black'>ISO 3166-2 is the subdivision code<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt;background:white'><span style='font-family:"Calibri",sans-serif;color:black'>S/MIME BR 7.1.4.2.2.d. Note 2 states:<o:p></o:p></span></p><blockquote><p class=MsoNormal style='background:white'><i><span style='font-family:"Calibri",sans-serif;color:black'>$B!H(BFor Government Entities, the CA SHALL enter the Registration Scheme identifier $B!F(BGOV$B!G(B followed by the 2 character ISO 3166 country code for the nation in which the Government Entity is located. <u><span style='background:yellow'>If the Government Entity is verified at a <b>subdivision</b> (state or province)</span></u> level, then a plus $B!H(B+$B!I(B (0x2B (ASCII), U+002B (UTF$B!>(B8)) followed by a <b><u><span style='background:red'>2 character</span></u></b><u><span style='background:red'> ISO 3166$B!>(B2</span></u><span style='background:white'> identifier </span>for the subdivision is added.$B!I(B</span></i><span style='font-family:"Calibri",sans-serif;color:black'><o:p></o:p></span></p></blockquote></div><div><p class=MsoNormal style='background:white'><span style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='font-family:"Calibri",sans-serif;color:black'>I think it correctly states ISO 3166-2 but it incorrectly assumes that the subdivision has a length of two.<o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></p></div><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="98%" align=center></div><div id=divRplyFwdMsg><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:black'> Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org">smcwg-public-bounces@cabforum.org</a>> on behalf of Dimitris Zacharopoulos (HARICA) via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>><br><b>Sent:</b> Tuesday, April 4, 2023 07:37<br><b>To:</b> Bruce Morton <<a href="mailto:Bruce.Morton@entrust.com">Bruce.Morton@entrust.com</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>><br><b>Subject:</b> [EXTERNAL] Re: [Smcwg-public] orgID - Government entities</span> <o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><p class=MsoNormal>WARNING: This email originated outside of Entrust.<br>DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.<o:p></o:p></p><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="100%" align=center></div><p class=MsoNormal style='margin-bottom:12.0pt'>It should be ISO 3166-1 for the alpha-2 character code. This was probably an oversight.<br><br>Stephen, is this something we could add to the upcoming ballot with fixes?<br><br><br>Thanks,<br>Dimitris.<o:p></o:p></p><div><p class=MsoNormal>On 30/3/2023 8:24 $B&L(B.$B&L(B., Bruce Morton via Smcwg-public wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=xmsonormal>Sorry I missed the call yesterday.<o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal>I am hoping the QIIS item can be added to the erratum. In addition, we have the following observation.<o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal>S/MIME BR 7.1.4.2.2.d. Note 2 states, $B!H(BFor Government Entities, the CA SHALL enter the Registration Scheme identifier $B!F(BGOV$B!G(B followed by the 2 character ISO 3166 country code for the nation in which the Government Entity is located. If the Government Entity is verified at a subdivision (state or province) level, then a plus $B!H(B+$B!I(B (0x2B (ASCII), U+002B (UTF$B!>(B8)) followed by a <b>2 character ISO 3166$B!>(B2 identifier</b> for the subdivision is added.$B!I(B<o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal>The wording is complicated as there are no 2 character 3166-2 identifiers as they start with the 2 character country code plus a hyphen. For California the code is <b>US-</b>CA, but we expect the result for the orgID to be GOVUS+CA and not GOVUS+US-CA. For Czechia, they append 2 or 3 numerals such as CZ-201. I assume we want to show GOVCZ+201 (see <a href="https://url.avanan.click/v2/___https:/urldefense.com/v3/__https:/www.iso.org/obp/ui/*iso:code:3166:CZ__;Iw!!FJ-Y8qCqXTj2!e0mTl4p5JfttNo888kNqKGAYUo36SuEiHjGLrpS8kHZi56mAxJeRhKRClNow_FwG3tPs0DB9mFkeja72a6LgFMAIKNAJknQ-3TI$___.YXAzOmRpZ2ljZXJ0OmE6bzo2MTE3N2FjYjk4NmNhZjZiMTBlYzdkYzljNWViMjc1MTo2OmQyZWM6NjQyYTUxNGRkMjI4OTdmNTRkNWFkOWE1MzM1MmYwZThjM2FlYmYzNDNlNzgwZjE0NjJkZjk0MTMwODFjODMwYTpoOkY" title="Protected by Avanan: https://urldefense.com/v3/__https://www.iso.org/obp/ui/*iso:code:3166:CZ__;Iw!!FJ-Y8qCqXTj2!e0mTl4p5JfttNo888kNqKGAYUo36SuEiHjGLrpS8kHZi56mAxJeRhKRClNow_FwG3tPs0DB9mFkeja72a6LgFMAIKNAJknQ-3TI$">https://www.iso.org/obp/ui/#iso:code:3166:CZ</a>), but this is adding more than 2 characters. <o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal>I am not sure how to state this but I think we want these examples:<o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal>OrgID GOVUS based on ISO 3166-1 US indicator<o:p></o:p></p><p class=xmsonormal>OrgID GOVUS+CA based on ISO 3166-1 US indicator and ISO3166-2 US-CA indicator<o:p></o:p></p><p class=xmsonormal>OrgID GOV CZ+201 based on ISO 3166-1 CZ indicator and ISO3166-2 CZ-201 indicator<o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal>So could we add this to a clarification ballot and change $B!H(Bfollowed by a 2 character ISO 3166<span lang=ZH-CN style='font-family:DengXian;mso-fareast-language:ZH-CN'>$B!>(B</span>2 identifier for the subdivision added$B!I(B to $B!H(Bfollowed by the ISO 3166-2 additional characters identified for the subdivision added$B!I(B? Then provide the examples.<o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal> <o:p></o:p></p><p class=xmsonormal>Thanks, Bruce.<o:p></o:p></p></div><p class=MsoNormal><i>Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. <u>Please notify Entrust immediately</u> and delete the message from your system.</i> <br><br><o:p></o:p></p><pre>_______________________________________________<o:p></o:p></pre><pre>Smcwg-public mailing list<o:p></o:p></pre><pre><a href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a><o:p></o:p></pre><pre><a href="https://url.avanan.click/v2/___https:/urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/smcwg-public__;!!FJ-Y8qCqXTj2!e0mTl4p5JfttNo888kNqKGAYUo36SuEiHjGLrpS8kHZi56mAxJeRhKRClNow_FwG3tPs0DB9mFkeja72a6LgFMAIKNAJiOwCDkM$___.YXAzOmRpZ2ljZXJ0OmE6bzo2MTE3N2FjYjk4NmNhZjZiMTBlYzdkYzljNWViMjc1MTo2OmFjOTU6ODJiY2Y1NzhiYjlmZThjNTgxMDM3NTJkY2ZhMWVmOTgyMTg5NDY2NzJlNTZjNDNhMWIxN2ExNTg4YTY2Y2E5MDpoOkY" title="Protected by Avanan: https://urldefense.com/v3/__https://lists.cabforum.org/mailman/listinfo/smcwg-public__;!!FJ-Y8qCqXTj2!e0mTl4p5JfttNo888kNqKGAYUo36SuEiHjGLrpS8kHZi56mAxJeRhKRClNow_FwG3tPs0DB9mFkeja72a6LgFMAIKNAJiOwCDkM$">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p></o:p></pre></blockquote><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>