[cabfcert_policy] Amendment of BR 7.1.4.2.2, EVGL 9.2.5 & 9.2.7 power point file RE: About call for Draft Agenda items of F2F meeting

Eric Mill eric.mill at gsa.gov
Sun Oct 16 17:55:46 MST 2016


(+LaChelle LeVan of FICAM)

On Sun, Oct 16, 2016 at 5:03 AM, 陳立群 <realsky at cht.com.tw> wrote:

> Dear Myers,
>
>    I have prepared a PowerPoint file, attached, for Ben to lead the
> discussion on Oct. 18. Most of the materials appeared in past
> discussion (https://cabforum.org/pipermail/public/ ) or CP working call
> meeting except pages 16, 17, 40 and 41. Please give us your thoughts.
>
>    I see Chi and Eric from US FPKI will join this meeting, please also
> give your thought about Subject DN for government entities and "it is not
> suitable to enforce the CA to insert either L or ST into the subject DN in
> BR"
>
>    Tonight I will take the airplane to US. When I can receive the mail or
> any response on Oct. 16 night or Oct. 17 in Redmond, I will put the
> presentation file to public list for discussion.
>
> Sincerely Yours,
>
>         Li-Chun CHEN
>         Chunghwa Telecom
>
> -----Original Message-----
> From: Myers, Kenneth (10421) [mailto:kenneth.myers at protiviti.com]
> Sent: Wednesday, October 05, 2016 12:44 AM
> To: 陳立群; 'Dean Coclin'; policyreview at cabforum.org
> Cc: '王文正'; ayatosu at cht.com.tw
> Subject: RE: [cabfcert_policy] RE: About call for Draft Agenda items of
> F2F meeting
>
> Afternoon everyone,
>
> Awesome that we are reviewing US Federal PKI documents for requirements!
> I'm a little lost to the context though. Are you suggesting to integrate
> the Locality, State, or Province requirements from the US Federal PKI
> certificate profiles and Federal Common Policy CP into an EV change
> proposal?
>
> US Federal PKI are in the process of updating the CP and Cert Profiles
> based on an approved change proposal to integrate requirements from the BRs
> v1.3. I don't have a final version yet, but let me know if it would help as
> well as any other US Federal PKI documents.
>
>
> Kenneth Myers
> Supporting GSA Federal PKI Management Authority Protiviti | Government
> Solutions | Manager
> DC             | +1 571-469-9038 | Kenneth.Myers at GSA.gov
> Alexandria  | +1 571-366-6120 | Kenneth.Myers at Protiviti.com
>
> Dear Dean,
>
>        Thank you very much for your arrangement.
>
> Dear All,
>
> Following Dean’s instruction, I am sending the memo below to the entire
> Policy working group mailing list to include attachments so you can be
> prepared to discuss in F2F meeting Day 1 and Day 3.
>
>        I will prepare the presentation files and send them before I take
> the airplane.
>
> Sincerely Yours,
>
>              Li-Chun CHEN
>
> From: Dean Coclin [mailto:Dean_Coclin at symantec.com]
> Sent: Saturday, October 01, 2016 4:03 AM
> To: 陳立群; ben.wilson at digicert.com; Kirk Hall
> Cc: 王文正; ayatosu at cht.com.tw
> Subject: RE: About call for Draft Agenda items of F2F meeting
>
> I’ve added #1 to Policy WG meeting at F2F. Please send this memo to the
> entire Policy working group mailing list to include the attachments so they
> can be prepared to discuss.
>
> I’ve also added a discussion on item 2 for the main meeting.
>
> From: 陳立群 [mailto:realsky at cht.com.tw]
> Sent: Thursday, September 29, 2016 9:47 AM
> To: Dean Coclin <Dean_Coclin at symantec.com>; ben.wilson at digicert.com; Kirk
> Hall <Kirk.Hall at entrust.com>
> Cc: 王文正 <wcwang at cht.com.tw>; ayatosu at cht.com.tw
> Subject: About call for Draft Agenda items of F2F meeting
>
> Dear Dean, Kirk and Ben,
>
>     There are two topics that I hope to discuss in fall F2F meeting.
>
> 1.       Will we discuss the amendment of SSL BR 7.1.4.2.2 e/f, EVGL
> 9.2.5 and EVGL 9.2.7 in the 18 October 2016 Policy Review Working Group
> session? And we hope there will be a pre-ballot to release these
> guidelines, which now ask to insert either Locality Name or State or
> Province Name in DN for small countries or government registry of unique
> names.
>
> Thanks to Kirk for mailing me his proposal to solve EVGL 9.2.7. We email
> Kirk for attached two pdf files.
>
> Please see page 39 about "Worksheet 7: Certificate Profile for Computing
> and Communications Devices" of "X.509 Certificate and Certificate
> Revocation List (CRL) Extensions Profile for the Shared Service Providers
> (SSP) Program" in the attached pdf file. It says the name form of the
> subject RDN must use one of the name forms specified in Section 3.1.1 of
> the Common Certificate Policy.
>
>    Please see page 13 of Common_Policy_Framework.pdf (Section 3.1.1 of the
> Common Certificate Policy).
>
>      Devices that are the subject of certificates issued under this policy
> shall be assigned either a geo-political name or an Internet domain
> component name. Device names shall take one of the following forms:
> · C=US, o=U.S. Government, [ou=department], [ou=agency],
>   [ou=structural_container], cn=device name
> · dc=gov, dc=org0, [dc=org1], …, [dc=orgN], [ou=structural_container],
>   [cn=device name]
> · dc=mil, dc=org0, [dc=org1], …, [dc=orgN], [ou=structural_container],
>   [cn=device name]
>
>     where device name is a descriptive name for the device. Where a device
> is fully described by the Internet domain name, the common name attribute
> is optional.
>
>     Please note that the first name form is X.500 name form, and the first
> name form should not have State or Province Name or Locality Name. For
> example, the United States Federal Department of the Treasury's Server's
> DN in accordance with the Common Certificate Policy rules should be C = US,
> O = US Government, OU = Department of the Treasury, CN=FQDN of Department
> of the Treasury's Server.
>
>      Imagine if the DN in accordance with SSL BR named C = US, L =
> Washington DC, O = US Government, OU = Department of the Treasury, CN=FQDN
> of Department of the Treasury's Server or C = US, L = Washington S=DC, O =
> US Government, OU = Department of the Treasury, CN=FQDN of Department of
> the Treasury's Server or C = US, S = Washington DC, O = US Government, OU
> = Department of the Treasury, CN=FQDN of Department of the Treasury's
> Server, these DN will make people feel very wrong.
>
>
> 2.      If possible, I hope another session maybe on Oct. 20 to discuss
> about browser to change their code for UI for Subject DN. For example,
> could below partial DN of detailed information of https://github.com/
> EV SSL certificate
>
>
> 1.3.6.1.4.1.311.60.2.1.2 = Delaware
> 1.3.6.1.4.1.311.60.2.1.3 = US
> 2.5.4.15 = Private Organization
>
> Change to
>
> Jurisdiction of Incorporation State or Province = Delaware
> Jurisdiction of Incorporation Country = US
> Business Category = Private Organization
>
>   I think it will be helpful for relying party to see the detailed
> information of this EV SSL certificate.
>
>    Also there is another issue about EVGL 9.2.5 to use a Microsoft
> registered OID that we discussed as attached word file.
>
> Sincerely Yours,
>
>          Li-Chun CHEN
>
>
>
>
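> This message may contain confidential information of Chunghwa Telecom
> Co., Ltd. If you are not the intended recipient, do not collect, process
> or use the contents of this message, and please destroy it. If you are the
> intended recipient, you should protect the company's trade secrets and
> personal data contained in the mail, must not distribute or disclose them
> arbitrarily, and should verify the security of the attachments and
> hyperlinks in this mail yourself, so that we jointly fulfil our
> information security and personal data protection responsibilities.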
> Please be advised that this email message (including any attachments)
> contains confidential information and may be legally privileged. If you are
> not the intended recipient, please destroy this message and all attachments
> from your system and do not further collect, process, or use them. Chunghwa
> Telecom and all its subsidiaries and associated companies shall not be
> liable for the improper or incomplete transmission of the information
> contained in this email nor for any delay in its receipt or damage to your
> system. If you are the intended recipient, please protect the confidential
> and/or personal information contained in this email with due care. Any
> unauthorized use, disclosure or distribution of this message in whole or in
> part is strictly prohibited. Also, please self-inspect attachments and
> hyperlinks contained in this email to ensure the information security and
> to protect personal information.
>
>
> NOTICE: Protiviti is a global consulting and internal audit firm composed
> of experts specializing in risk and advisory services. Protiviti is not
> licensed or registered as a public accounting firm and does not issue
> opinions on financial statements or offer attestation services. This
> electronic mail message is intended exclusively for the individual or
> entity to which it is addressed. This message, together with any
> attachment, may contain confidential and privileged information. Any views,
> opinions or conclusions expressed in this message are those of the
> individual sender and do not necessarily reflect the views of Protiviti
> Inc. or its affiliates. Any unauthorized review, use, printing, copying,
> retention, disclosure or distribution is strictly prohibited. If you have
> received this message in error, please immediately advise the sender by
> reply email message to the sender and delete all copies of this message.
> Thank you.
>
>


-- 
Eric Mill
Senior Advisor on Technology
Technology Transformation Service, GSA
eric.mill at gsa.gov, +1-617-314-0966
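
Added example, not part of the thread or of either policy document: a small check of the conflict the quoted memo describes, testing a subject DN against the three device name forms it quotes from Section 3.1.1 and against the BR 7.1.4.2.2 e/f rule as the memo summarises it (L or ST expected when O is present). The function names and host names are hypothetical, and the parser assumes DN values contain no escaped commas.

```python
import re

def parse_dn(dn):
    """Split 'C=US, O=...' into [(type, value)]; assumes no escaped commas."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def common_policy_form(rdns):
    """Return which quoted Section 3.1.1 device name form matches, or None."""
    types = " ".join(t for t, _ in rdns)
    values = [v for _, v in rdns]
    # Form 1: C=US, o=U.S. Government, up to three optional ou, cn required.
    if re.fullmatch(r"c o( ou){0,3} cn", types):
        if values[0] == "US" and values[1] == "U.S. Government":
            return "x500"
    # Forms 2 and 3: dc=gov or dc=mil, dc=org0, more dc, optional ou and cn.
    if re.fullmatch(r"dc dc( dc)*( ou)?( cn)?", types):
        if values[0] in ("gov", "mil"):
            return "dc=" + values[0]
    return None

def br_needs_l_or_st(rdns):
    """True when O is present but neither L nor ST/S is (rule as summarised)."""
    types = {t for t, _ in rdns}
    return "o" in types and not types & {"l", "st", "s"}

def review(dn):
    """Return (matching Common Policy form, whether the BR rule is unmet)."""
    rdns = parse_dn(dn)
    return common_policy_form(rdns), br_needs_l_or_st(rdns)

# Constructed sample DNs modelled on the memo's Treasury example.
FPKI_DN = "C=US, O=U.S. Government, OU=Department of the Treasury, CN=www.treasury.example"
BR_DN = "C=US, L=Washington, S=DC, O=U.S. Government, OU=Department of the Treasury, CN=www.treasury.example"
DC_DN = "dc=gov, dc=treasury, cn=www.treasury.example"

if __name__ == "__main__":
    for dn in (FPKI_DN, BR_DN, DC_DN):
        form, unmet = review(dn)
        print(f"{dn}\n  common policy form: {form}, BR L/ST unmet: {unmet}")
```

The first sample fits the Common Policy X.500 form but leaves the L/ST rule unmet, while adding L and S satisfies that rule and no longer matches any of the three forms.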