<div dir="ltr">In the context of OU, including it as a custom extension would violate 7.1.2.4(b), for exactly the reasons it's being discussed to be forbidden.<div><br></div><div>It is, at the core, as Paul and you have acknowledged: information not verified by CAs (as it cannot be, as it is fundamentally self-attested with no externally verifiable source), and which will mislead Relying Parties.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 24, 2020 at 1:10 PM Dimitris Zacharopoulos (HARICA) &lt;<a href="mailto:dzacharo@harica.gr">dzacharo@harica.gr</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<br>
<br>
<div>On 24/11/2020 6:01 PM, Ryan Sleevi
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Nov 24, 2020 at 1:34
AM Dimitris Zacharopoulos (HARICA) &lt;<a href="mailto:dzacharo@harica.gr" target="_blank">dzacharo@harica.gr</a>&gt;
wrote:</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>On 24/11/2020 12:34 AM, Ryan Sleevi wrote:<br>
</div>
<blockquote type="cite">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div> To use an example, if a CA were to define in its
CP/CPS an extension that follows exactly the
description of the <em>cabfOrganizationIdentifier</em>
as described in section 9.8.2 of the EV Guidelines
(my previous example was flawed), describe the same
EVG validation rules for that extension and include
this extension in an OV Certificate, wouldn't that
be compliant with the BRs?<br>
</div>
</blockquote>
<div><br>
</div>
<div>No, not inherently. </div>
</blockquote>
<br>
I'm sorry for being confused with this response, I was
expecting a "yes" because for this example we have
documented CABF agreed validation rules, which should
unambiguously meet all of BRs 7.1.2.4 requirements. Which
part, in your opinion, doesn't fulfill the 7.1.2.4
section? I think it is important to understand this point
because if this example doesn't fulfill BRs 7.1.2.4 for
custom extensions, I don't know what will.<br>
</div>
</blockquote>
<div><br>
</div>
<div>I suspect this would be better served on our next
validation call, since we have a tendency to talk past each
other in mails. At the core, you described a method which,
with the information provided, does not satisfy 7.1.2.4. If
you believe you can define a method that does, then it's up
to you to document and explain. Unsurprisingly, I am
categorically unwilling to state "yes" to something that can
and will be misconstrued, and in a way that can cause users
harm. However, it also seems non-germane to the thread at
hand, and so if you'd like to discuss something concrete, it
would perhaps best be done in a new thread, to avoid
shifting the discussion.</div>
</div>
</div>
</blockquote>
<br>
I thought it was relevant because of Doug's proposal to make use of
a custom extension for OU, so I was trying to get some sense of the
boundaries on using custom extensions in general, as allowed in the
BRs. I will try to attend the next validation call to discuss
further.<br>
<br>
<br>
Thanks,<br>
Dimitris.<br>
<br>
<br>
</div>
</blockquote></div>