[cabfcert_policy] Amendment of BR 7.1.4.2.2, EVGL 9.2.5 & 9.2.7 power point file RE: About call for Draft Agenda items of F2F meeting

陳立群 realsky at cht.com.tw
Sun Oct 16 02:03:39 MST 2016


Dear Myers,

   I have prepared a PowerPoint file, attached, for Ben to lead the discussion on Oct. 18. Most of the materials appeared in past discussion (https://cabforum.org/pipermail/public/) or in CP working call meetings, except pages 16, 17, 40 and 41. Please give us your thoughts.
 
   I see Chi and Eric from US FPKI will join this meeting; please also give your thoughts about Subject DN for government entities and "it is not suitable to enforce the CA to insert either L or ST into the subject DN in BR".
   
   Tonight I will take the airplane to the US. When I can receive the mail or any response on the night of Oct. 16 or on Oct. 17 in Redmond, I will put the presentation file on the public list for discussion.

Sincerely Yours,

        Li-Chun CHEN
        Chunghwa Telecom 
    
-----Original Message-----
From: Myers, Kenneth (10421) [mailto:kenneth.myers at protiviti.com] 
Sent: Wednesday, October 05, 2016 12:44 AM
To: 陳立群; 'Dean Coclin'; policyreview at cabforum.org
Cc: '王文正'; ayatosu at cht.com.tw
Subject: RE: [cabfcert_policy] RE: About call for Draft Agenda items of F2F meeting

Afternoon everyone,

Awesome that we are reviewing US Federal PKI documents for requirements! I'm a little lost to the context though. Are you suggesting to integrate the Locality, State, or Province requirements from the US Federal PKI certificate profiles and Federal Common Policy CP into an EV change proposal?

US Federal PKI are in the process of updating the CP and Cert Profiles based on an approved change proposal to integrate requirements from the BRs v1.3. I don't have a final version yet, but let me know if it would help as well as any other US Federal PKI documents.


Kenneth Myers
Supporting GSA Federal PKI Management Authority Protiviti | Government Solutions | Manager
DC             | +1 571-469-9038 | Kenneth.Myers at GSA.gov
Alexandria  | +1 571-366-6120 | Kenneth.Myers at Protiviti.com

Dear Dean,

       Thank you very much for your arrangement.

Dear All,

 Following Dean’s instruction, I am sending the memo below to the entire Policy working group mailing list, including the attachments, so you can be prepared to discuss it on Day 1 and Day 3 of the F2F meeting.

       I will prepare the presentation files and send them before I take the airplane.

Sincerely Yours,

             Li-Chun CHEN

From: Dean Coclin [mailto:Dean_Coclin at symantec.com]
Sent: Saturday, October 01, 2016 4:03 AM
To: 陳立群; ben.wilson at digicert.com; Kirk Hall
Cc: 王文正; ayatosu at cht.com.tw
Subject: RE: About call for Draft Agenda items of F2F meeting

I’ve added #1 to Policy WG meeting at F2F. Please send this memo to the entire Policy working group mailing list to include the attachments so they can be prepared to discuss.

I’ve also added a discussion on item 2 for the main meeting.

From: 陳立群 [mailto:realsky at cht.com.tw]
Sent: Thursday, September 29, 2016 9:47 AM
To: Dean Coclin <Dean_Coclin at symantec.com>; ben.wilson at digicert.com; Kirk Hall <Kirk.Hall at entrust.com>
Cc: 王文正 <wcwang at cht.com.tw>; ayatosu at cht.com.tw
Subject: About call for Draft Agenda items of F2F meeting

Dear Dean, Kirk and Ben,

    There are two topics that I hope to discuss in fall F2F meeting.

1.       Will we discuss the amendment of SSL BR 7.1.4.2.2 e/f, EVGL 9.2.5 and EVGL 9.2.7 in the 18 October 2016 Policy Review Working Group session? We hope there will be a pre-ballot to release these guidelines, which now ask to insert either Locality Name or State or Province Name in the DN, for small countries or government registries of unique names.

Thanks to Kirk for mailing me his proposal to solve EVGL 9.2.7. We emailed Kirk the two attached PDF files.

Please see page 39, "Worksheet 7: Certificate Profile for Computing and Communications Devices", of "X.509 Certificate and Certificate Revocation List (CRL) Extensions Profile for the Shared Service Providers (SSP) Program" in the attached PDF file; it says the name form of the subject RDN must use one of the name forms specified in Section 3.1.1 of the Common Certificate Policy.

   Please see page 13 of Common_Policy_Framework.pdf (Section 3.1.1 of the Common Certificate Policy).

     Devices that are the subject of certificates issued under this policy shall be assigned either a geo-political name or an Internet domain component name. Device names shall take one of the following forms:
· C=US, o=U.S. Government, [ou=department], [ou=agency], [ou=structural_container], cn=device name
· dc=gov, dc=org0, [dc=org1], …, [dc=orgN], [ou=structural_container], [cn=device name]
· dc=mil, dc=org0, [dc=org1], …, [dc=orgN], [ou=structural_container], [cn=device name]

    where device name is a descriptive name for the device. Where a device is fully described by the Internet domain name, the common name attribute is optional.

    Please note that the first name form is an X.500 name form, and the first name form should not have State or Province Name or Locality Name. For example, the DN of a server of the United States Federal Department of the Treasury, in accordance with the Common Certificate Policy rules, should be C = US, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server.

     Imagine if the DN, in accordance with the SSL BR, were named C = US, L = Washington DC, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server, or C = US, L = Washington, S=DC, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server, or C = US, S = Washington DC, O = US Government, OU = Department of the Treasury, CN=FQDN of Department of the Treasury's Server; these DNs will make people feel very wrong.


2.      If possible, I hope for another session, maybe on Oct. 20, to discuss browsers changing their code for the UI for Subject DN. For example, could the partial DN below, from the detailed information of the https://github.com/ EV SSL certificate,


1.3.6.1.4.1.311.60.2.1.2 = Delaware
1.3.6.1.4.1.311.60.2.1.3 = US
2.5.4.15 = Private Organization

Change to

Jurisdiction of Incorporation State or Province = Delaware
Jurisdiction of Incorporation Country = US
Business Category = Private Organization

  I think it will be helpful for relying parties to see the detailed information of this EV SSL certificate.

   Also, there is another issue about EVGL 9.2.5 using a Microsoft-registered OID, which we discussed in the attached Word file.

Sincerely Yours,

         Li-Chun CHEN




Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.


NOTICE: Protiviti is a global consulting and internal audit firm composed of experts specializing in risk and advisory services. Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services. This electronic mail message is intended exclusively for the individual or entity to which it is addressed. This message, together with any attachment, may contain confidential and privileged information. Any views, opinions or conclusions expressed in this message are those of the individual sender and do not necessarily reflect the views of Protiviti Inc. or its affiliates. Any unauthorized review, use, printing, copying, retention, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email message to the sender and delete all copies of this message. Thank you.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: Chunghwatelecom20161018v2.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 2937619 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/policyreview/attachments/20161016/59022089/attachment-0001.bin>
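
An added example, not part of the original message or of any CA/Browser Forum or Federal PKI tooling: a Python check that classifies a subject DN against the three device name forms quoted in the thread from Section 3.1.1 of the Common Certificate Policy, and reports whether the DN carries L or ST, the attributes the message says BR 7.1.4.2.2 e/f asks for. The function names and the `www.treasury.example` host name are constructed for illustration, and the parser assumes no escaped commas or multi-valued RDNs.

```python
import re

ALIASES = {"S": "ST"}  # the message writes "S=" for stateOrProvinceName

def parse_dn(dn):
    """Split 'C=US, O=..., CN=...' into [(TYPE, value), ...].
    Assumption: no escaped commas and no multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        if "=" not in part:
            raise ValueError(f"not an attribute=value pair: {part!r}")
        typ, value = part.split("=", 1)
        typ = typ.strip().upper()
        rdns.append((ALIASES.get(typ, typ), value.strip()))
    return rdns

def common_policy_device_form(rdns):
    """Return 1, 2 or 3 for the matching device name form quoted from
    Section 3.1.1, or None when the DN fits none of them."""
    types = "".join(t + "," for t, _ in rdns)  # e.g. "C,O,OU,CN,"
    # Form 1: C=US, o=U.S. Government, up to three optional ou, cn=device name
    if re.fullmatch(r"C,O,(OU,){0,3}CN,", types):
        if rdns[0][1] == "US" and rdns[1][1] == "U.S. Government":
            return 1
        return None
    # Forms 2 and 3: dc=gov|mil, dc=org0, [dc=org1..N], [ou], [cn]
    if re.fullmatch(r"DC,DC,(DC,)*(OU,)?(CN,)?", types):
        return {"gov": 2, "mil": 3}.get(rdns[0][1].lower())
    return None

def has_locality_or_state(rdns):
    """True when the DN contains localityName or stateOrProvinceName."""
    return any(t in ("L", "ST") for t, _ in rdns)

def review(dn):
    rdns = parse_dn(dn)
    return {"common_policy_form": common_policy_device_form(rdns),
            "has_L_or_ST": has_locality_or_state(rdns)}

# Constructed sample DNs modelled on the examples in the message.
SAMPLES = [
    "C=US, O=U.S. Government, OU=Department of the Treasury, CN=www.treasury.example",
    "C=US, L=Washington, S=DC, O=U.S. Government, OU=Department of the Treasury, CN=www.treasury.example",
    "dc=gov, dc=treasury, cn=www.treasury.example",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(review(dn), dn)
```

A DN that fits the first Common Policy form reports no L or ST, and adding either attribute makes it fit none of the three forms, which is the conflict the message raises.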

