<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 29/9/2022 12:40 μ.μ., Pedro FUENTES
via Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01000183889edb71-67177a7f-b33e-4fe3-96a2-97a8cc51a753-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
Hi there,
<div class="">I was just thinking on the discussion yesterday
about the Country, and the issue detected about the “Subject
being validated” (and included in the certificate) to be the
country where the company is registered (and I said “registered”
because I understood there were opinions saying that this field
would be redundant as we had already the organisation
identifier, which is related to the country of registration).</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">Although we follow already this practice, so
currently for MPKI customers we include the country of the
company, as verified, this has recurrently annoyed some
customers that have employees in different locations
(sometimes changing the state/province, not necessarily the
country), so maybe this deserves some discussion.</div>
<div class=""><br class="">
</div>
</div>
<div class="">My first question would be… is there really
consensus about setting the country as the country (and state,
if present) where the company is registered? The current writing
of the guidelines talks about the “Country of the Subject”, so
until now it could be understood that this was about the person,
not the company… I heard some discordant voices and for me
wasn’t clear the general opinion.</div>
<div class=""><br class="">
</div>
<div class="">My second question would be… could we specify in the
certificate the country where the company “operates”, instead of
the country where is registered? My rational for this question
is as follows: Same as in the BR for SSL, it’s required to be
done a “validation of physical existence”, and this could
eventually allow to include in the certificate dutifully
validated countries (or states) where the company operates, and
not necessarily the country where the company is registered…
This in fact opens up a possibility… Could it be understood that
the company operates where the employee that gets the
certificate is located?</div>
</blockquote>
<br>
My reading of the requirements is that ANY countryName value where
the country is registered or operates (this needs to be validated of
course) is acceptable.<br>
<br>
<blockquote type="cite"
cite="mid:01000183889edb71-67177a7f-b33e-4fe3-96a2-97a8cc51a753-000000@email.amazonses.com">
<div class=""><br class="">
</div>
<div class="">My third question… once there’s intent to take the
BR for SSL as reference… what about the obligation to include
the state/province and country if the organisation name is
present? Was this discussed? (maybe I missed that call) <br>
</div>
</blockquote>
<br>
Only the countryName was discussed to be added as a SHALL. I believe
the logic is the same for ST and L. They need to follow the
organization for the sponsored profile, not the individual.<br>
<br>
Cheers,<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:01000183889edb71-67177a7f-b33e-4fe3-96a2-97a8cc51a753-000000@email.amazonses.com">
<div class=""><br class="">
</div>
<div class="">Best,</div>
<div class="">Pedro</div>
<div class=""><br class="">
<div class="">
<div dir="auto" style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space; line-break:
after-white-space;" class="">
<div dir="auto" style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div dir="auto" style="text-align: start; text-indent:
0px; word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode:
space; line-break: after-white-space;"
class="">
<div style="text-align: start; text-indent:
0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;" class="">
<div style="text-align: start; text-indent:
0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;" class=""><font
class="" style="caret-color: rgb(0, 0,
0); color: rgb(0, 0, 0); letter-spacing:
normal; text-transform: none;
white-space: normal; word-spacing: 0px;
text-decoration: none;
-webkit-text-stroke-width: 0px;
font-size: 12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; line-height:
normal; text-align: start; text-indent:
0px;"><b class=""><font class=""
style="font-size: 11px;"
color="#f62400">WISeKey SA<br
class="">
</font></b></font>
<div class="" style="caret-color: rgb(0,
0, 0); color: rgb(0, 0, 0);
letter-spacing: normal; text-transform:
none; white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal; text-align: start;
text-indent: 0px;"><font class=""
style="color: rgb(0, 0, 0); font-size:
12px; font-weight: normal; font-style:
normal;"><span class=""
style="font-size: 11px;"><b class="">Pedro
Fuentes<br class="">
</b>CSO - Trust Services Manager</span><br
class="">
<font class="" size="1">Office: + 41
(0) 22 594 30 00<br class="">
Mobile: + 41 (0) </font></font><span
style="color: rgb(0, 0, 0); font-size:
x-small; font-weight: normal;
font-style: normal;" class="">791 274
790</span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal; text-align: start;
text-indent: 0px;"><font class=""
style="caret-color: rgb(0, 0, 0);
color: rgb(0, 0, 0); font-size: 12px;
font-style: normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal;
text-transform: none; white-space:
normal; word-spacing: 0px;
text-decoration: none;
-webkit-text-stroke-width: 0px;"><font
class="" size="1">Address: </font></font><font
class="" size="1">Avenue Louis-Casaï
58 | </font><span style="font-size:
x-small;" class="">1216 Cointrin |
Switzerland</span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal; text-align: start;
text-indent: 0px;"><font class=""><font
class="" style="caret-color: rgb(0,
0, 0); color: rgb(0, 0, 0);
font-size: 12px; font-style: normal;
font-variant-caps: normal;
font-weight: normal; letter-spacing:
normal; text-transform: none;
white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;"
size="1"><b class="">Stay connected
with <a
href="http://www.wisekey.com"
class="" moz-do-not-send="true"><font
class="" color="#f62400">WISeKey</font></a><br
class="">
</b></font></font><span class=""
style="caret-color: rgb(0, 0, 0);
color: rgb(169, 169, 169); font-size:
10px; font-style: normal;
font-variant-caps: normal;
font-weight: normal; letter-spacing:
normal; text-transform: none;
white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;
orphans: 2; widows: 2;"><br class="">
</span></div>
<div class="" style="caret-color: rgb(0,
0, 0); color: rgb(0, 0, 0);
letter-spacing: normal; text-transform:
none; white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;
font-size: 12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; line-height:
normal; text-align: start; text-indent:
0px;">
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal;"><span class=""
style="orphans: 2; widows: 2;"><font
class="" size="1" color="#78a600"><b
class="">THIS IS A TRUSTED MAIL</b>:
This message is digitally signed
with a WISeKey identity. If
you get a mail from WISeKey please
check the signature to avoid
security risks</font></span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal;"><span class=""
style="orphans: 2; widows: 2;
font-size: 9px;"><font class=""
color="#a9a9a9"><br class="">
</font></span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal;">
<div class="" style="orphans: 2;
widows: 2;"><font class=""
style="font-size: 9px;"
color="#a9a9a9"><b class="">CONFIDENTIALITY: </b>This
email and any files
transmitted with it can be
confidential and it’s intended
solely for the use of
the individual or entity to which
they are addressed. If you are not
the named addressee you should not
disseminate, distribute or copy
this e-mail. If you have
received this email in error
please notify the sender</font></div>
<div class="" style="orphans: 2;
widows: 2;"><font class=""
style="font-size: 9px;"
color="#a9a9a9"><br class="">
</font></div>
<div class="" style="orphans: 2;
widows: 2;"><font class=""
style="font-size: 9px;"
color="#a9a9a9"><b class="">DISCLAIMER: </b>WISeKey
does not warrant the accuracy
or completeness of this message
and does not accept any liability
for any errors or omissions herein
as this message has
been transmitted over a public
network. Internet
communications cannot be
guaranteed to be secure or
error-free as information may be
intercepted, corrupted, or contain
viruses. Attachments to this
e-mail are checked for viruses;
however, we do not accept any
liability for any damage sustained
by viruses and therefore you are
kindly requested to check for
viruses upon receipt.</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>