[cabfcert_policy] RE: About call for Draft Agenda items of F2F meeting

陳立群 realsky at cht.com.tw
Mon Oct 3 03:48:17 MST 2016


Dear Dean,

       Thank you very much for your arrangement.  

Dear All,

Following Dean’s instruction, I am sending the memo below to the entire Policy working group mailing list, including the attachments, so you can be prepared to discuss it at the F2F meeting on Day 1 and Day 3.

       I will prepare the presentation files and send them before I take the airplane.

Sincerely Yours,

             Li-Chun CHEN

From: Dean Coclin [mailto:Dean_Coclin at symantec.com] 
Sent: Saturday, October 01, 2016 4:03 AM
To: 陳立群; ben.wilson at digicert.com; Kirk Hall
Cc: 王文正; ayatosu at cht.com.tw
Subject: RE: About call for Draft Agenda items of F2F meeting 

I’ve added #1 to Policy WG meeting at F2F. Please send this memo to the entire Policy working group mailing list to include the attachments so they can be prepared to discuss.

I’ve also added a discussion on item 2 for the main meeting. 

From: 陳立群 [mailto:realsky at cht.com.tw] 
Sent: Thursday, September 29, 2016 9:47 AM
To: Dean Coclin <Dean_Coclin at symantec.com>; ben.wilson at digicert.com; Kirk Hall <Kirk.Hall at entrust.com>
Cc: 王文正 <wcwang at cht.com.tw>; ayatosu at cht.com.tw
Subject: About call for Draft Agenda items of F2F meeting 

Dear Dean, Kirk and Ben,

    There are two topics that I hope to discuss at the fall F2F meeting.

1.       Will we discuss the amendment of SSL BR 7.1.4.2.2 e/f, EVGL 9.2.5 and EVGL 9.2.7 in the 18 October 2016 Policy Review Working Group session? We also hope there will be a pre-ballot to release these guidelines, which now ask to insert either Locality Name or State or Province Name in the DN, for small countries or government registries of unique names.

Thanks to Kirk for mailing me his proposal to solve EVGL 9.2.7. We email Kirk for attached two pdf files.

Please see page 39, "Worksheet 7: Certificate Profile for Computing and Communications Devices", of "X.509 Certificate and Certificate Revocation List (CRL) Extensions Profile for the Shared Service Providers (SSP) Program" in the attached pdf file; it says the name form of the subject RDN must use one of the name forms specified in Section 3.1.1 of the Common Certificate Policy.

   Please see page 13 of Common_Policy_Framework.pdf (Section 3.1.1 of the Common Certificate Policy). 

     Devices that are the subject of certificates issued under this policy shall be assigned either a geo-political name or an Internet domain component name. Device names shall take one of the following forms:
     - C=US, o=U.S. Government, [ou=department], [ou=agency], [ou=structural_container], cn=device name
     - dc=gov, dc=org0, [dc=org1], …, [dc=orgN], [ou=structural_container], [cn=device name]
     - dc=mil, dc=org0, [dc=org1], …, [dc=orgN], [ou=structural_container], [cn=device name]

    where device name is a descriptive name for the device. Where a device is fully described by the Internet domain name, the common name attribute is optional.

    Please note that the first name form is an X.500 name form, and the first name form should not have State or Province Name or Locality Name. For example, the DN of a server of the United States Federal Department of the Treasury, in accordance with the Common Certificate Policy rules, should be C = US, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server.

     Imagine if the DN, in accordance with SSL BR, were named C = US, L = Washington DC, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server or C = US, L = Washington S=DC, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server or C = US, S = Washington DC, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server; these DNs will make people feel very wrong.


2.      If possible, I hope for another session, maybe on Oct. 20, to discuss browsers changing their code for the UI for Subject DN. For example, could the partial DN below, from the detailed information of the https://github.com/ EV SSL certificate,

1.3.6.1.4.1.311.60.2.1.2 = Delaware
1.3.6.1.4.1.311.60.2.1.3 = US
2.5.4.15 = Private Organization

be changed to

Jurisdiction of Incorporation State or Province = Delaware
Jurisdiction of Incorporation Country = US
Business Category = Private Organization

  I think it will be helpful for relying parties to see the detailed information of this EV SSL certificate.

   Also, there is another issue about EVGL 9.2.5 to use a Microsoft registered OID, which we discussed in the attached Word file.

Sincerely Yours,

         Li-Chun CHEN






-------------- next part --------------
A non-text attachment was scrubbed...
Name: EVGLsection9.2.5&RFC5280&X.520.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 34308 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20161003/ad186096/attachment-0001.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Common_Policy_Framework.pdf
Type: application/pdf
Size: 1054703 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20161003/ad186096/attachment-0002.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Certificate_and_CRL_Profiles_for_SSP_Program_under_Common_Policy__v1_7.pdf
Type: application/pdf
Size: 1895593 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20161003/ad186096/attachment-0003.pdf 
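
The name-form comparison raised in item 1 of the message above, as an added example (not part of the e-mail, the attachments, or any CA/Browser Forum text): a Python check of a DN string against the Section 3.1.1 device name forms quoted in the message, reporting any Locality or State or Province attribute. The function names, the regex encoding of the forms, and the sample DNs (including `server.example.gov`) are assumptions constructed for illustration.

```python
import re

# Device name forms from Section 3.1.1 as quoted in the e-mail, encoded as
# regexes over the space-joined sequence of attribute types (an assumption
# of this example, not the policy's own notation).
NAME_FORMS = {
    "geo-political": r"c o( ou){0,3} cn",
    "domain-component": r"dc dc( dc)*( ou)?( cn)?",
}
ALIASES = {"s": "st"}    # the e-mail writes stateOrProvinceName as "S"
BR_EXTRAS = ("l", "st")  # Locality / State or Province, per the BR text discussed

def parse_dn(dn):
    """Parse 'C = US, O = ..., CN = ...' into [(type, value), ...].
    Simplified: escaped commas and multi-valued RDNs are not handled."""
    rdns = []
    for part in dn.split(","):
        key, sep, value = part.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"not an attribute=value pair: {part!r}")
        k = key.strip().lower()
        rdns.append((ALIASES.get(k, k), value.strip()))
    return rdns

def check_device_dn(dn):
    """Return (form, extras): the name form matched once L/ST are set aside
    (None if no form fits) and the L/ST attributes found. The DN follows the
    quoted policy text only when a form matches and extras is empty."""
    types = [t for t, _ in parse_dn(dn)]
    extras = [t for t in types if t in BR_EXTRAS]
    core = " ".join(t for t in types if t not in BR_EXTRAS)
    for form, pattern in NAME_FORMS.items():
        if re.fullmatch(pattern, core):
            return form, extras
    return None, extras

# Constructed samples modelled on the Treasury examples in the e-mail.
SAMPLES = [
    "C = US, O = U.S. Government, OU = Department of the Treasury, CN = server.example.gov",
    "C = US, L = Washington, S = DC, O = U.S. Government, OU = Department of the Treasury, CN = server.example.gov",
    "dc = gov, dc = treasury, cn = server.example.gov",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(check_device_dn(dn), "<-", dn)
```
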

