[cabfpub] Ballot [86] - BR 9.2.4 Errata plus ISO-3166 country names

Ben Wilson ben at digicert.com
Mon Aug 20 22:06:00 UTC 2012


Ballot 86 is up for vote.

 

From: management-bounces at cabforum.org
[mailto:management-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Wednesday, August 15, 2012 4:51 PM
To: management at cabforum.org
Subject: [cabfman] Ballot for BR errata

 

Hi everyone, 

 

This ballot amends section 9.2 of the baseline requirements to clarify the
contents of certificates containing organization information and add support
for countries that are not yet assigned an ISO3166 designation.  For
reference purposes, the changes proposed by the ballot are shown in the
attached PDF.

Jeremy

-------------------------------------

Jeremy Rowley made the following motion and Dean Coclin and Eddy Nigg
endorsed it:

... Motion begins...

Effective immediately

... Erratum begins ...

1.	Add a new Definition:

Country: Either a member of the United Nations OR a geographic region
recognized as a sovereign nation by at least two UN member nations.

 

2.	Modify the following sections as indicated below:

 

9.2 Subject Information 

By issuing the Certificate, the CA represents that it followed the procedure
set forth in its Certificate Policy and/or Certification Practice Statement
to verify that, as of the Certificate's issuance date, all of the Subject
Information was accurate. CAs SHALL NOT include a Domain Name in a Subject
attribute except as specified in Sections 9.2.1 and 9.2.2 below.

 

9.2.4 Subject Organization Name Field 

The CA may include information in the following fields that have minor
discrepancies compared to the verified information, such as common
variations and abbreviations, provided that the CA documents the discrepancy
and any abbreviations used are locally accepted abbreviations; e.g., if the
official record shows "Company Name Incorporated", the CA MAY include
"Company Name Inc." or  "Company Name". 

 

a.       Certificate Fields: subject:organizationName (OID 2.5.4.10) 

Required/Optional: Optional

Contents:  If present, the subject:organizationName field MUST contain
either the Subject's name or DBA as verified under Section 11.2.  Because
Subject name attributes for individuals (e.g. givenName (2.5.4.42) and
surname (2.5.4.4)) are not broadly supported by application software, the CA
MAY use the subject:organizationName field to convey a natural person
Subject's name or DBA.  

 

b.       Certificate Field: subject:streetAddress (OID: 2.5.4.9)  

Required/Optional: The subject:streetAddress field is optional if the
subject:organizationName field is present.  The subject:streetAddress field
MUST be absent if the subject:organizationName field is absent.
Contents: If present, the subject:streetAddress field MUST contain the
Subject's street address information as verified under Section 11.2.

 

c.       Certificate Field: subject:localityName (OID: 2.5.4.7)  

Required/Optional: The subject:localityName field is required if the
subject:organizationName field is present but the
subject:stateOrProvinceName field is absent and optional if both the
subject:organizationName field and subject:stateOrProvinceName fields are
present. The subject:localityName field MUST be absent if the
subject:organizationName field is absent.

Contents:  If present, the subject:localityName field MUST contain the
Subject's locality information as verified under Section 11.2.  If the
subject:countryName field specifies the ISO 3166-1 user-assigned code of XX
in accordance with Section 9.2.5, the localityName field MAY contain the
Subject's locality and/or state or province information as verified under
Section 11.2.

 

d.       Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)  

Required/Optional: The subject:stateOrProvinceName is required if the
subject:organizationName field is present, but the subject:localityName
field is absent and optional if both the subject:organizationName field and
subject:localityName fields are present.  The subject:stateOrProvinceName
MUST be absent if the subject:organizationName field is absent.

Contents:  If present, the subject:stateOrProvinceName field MUST contain
the Subject's state or province information as verified under Section 11.2.
If the subject:countryName field specifies the ISO 3166-1 user-assigned code
of XX in accordance with Section 9.2.5, the subject:stateOrProvinceName
field MAY contain the full name of the Subject's country information as
verified under Section 11.2.5.

 

e.       Certificate Field: subject:postalCode (OID: 2.5.4.17) 

Required/Optional: The subject:postalCode field is optional if the
subject:organizationName field is present.  The subject:postalCode field
MUST be absent if the subject:organizationName field is absent.

Contents:  If present, the subject:postalCode field MUST contain the
Subject's zip or postal information as verified under Section 11.2.

 

9.2.5       Subject Country Name Field 

Certificate Field: subject:countryName (OID: 2.5.4.6)

Required/Optional: The subject:countryName field is required if the
subject:organizationName field is present and optional if the
subject:organizationName field is absent.

Contents:  If the subject:organizationName field is present, the
subject:countryName MUST contain the two-letter ISO 3166-1 country code
associated with the location of the Subject verified under Section 11.2. If
the subject:organizationName field is absent, the subject:countryName field
MAY contain the two-letter ISO 3166-1 country code associated with the
Subject as verified in accordance with Section 11.2.5.  If a Country is not
represented by an official ISO 3166-1 country code, the CA MAY specify the
ISO 3166-1 user-assigned code of XX indicating that an official ISO 3166-1
alpha-2 code has not been assigned.

 

3.	Change the heading of Section 9.2.6 to: 

 

9.2.6   Subject Organizational Name Field 

 

4.	Replace the following sentences of Section 9.2.6: 

 

With the exception of the subject:organizationalUnitName (OU) attribute,
optional attributes, when present within the subject field, MUST contain
information that has been verified by the CA.  Metadata such as '.', '-',
and ' ' (i.e. space) characters, and/or any other indication that the value
is absent, incomplete, or not applicable, SHALL NOT be used. CAs SHALL NOT
include Fully-Qualified Domain Names in Subject attributes except as
specified in Sections 9.2.1 and 9.2.2, above

 

With: 

Certificate Field: subject:organizationalUnitName

Required/Optional: Optional

 

5.	Add Section 9.2.7: 

 

9.2.7 Other Subject Attributes 

All other optional attributes, when present within the subject field, MUST
contain information that has been verified by the CA.  Optional attributes
MUST NOT contain metadata such as '.', '-', and ' ' (i.e. space) characters,
and/or any other indication that the value is absent, incomplete, or not
applicable. 

... Erratum ends ...

The ballot review period comes into effect at 21:00 UTC on 16 Aug 2012 and
will close at 21:00 UTC on 23 Aug 2012. Unless the motion is withdrawn
during the review period, the voting period will start immediately
thereafter and will close at 21:00 UTC on 30 August 2012. Votes must be cast
by posting an on-list reply to this thread.

... Motion ends ...

A vote in favor of the motion must indicate a clear 'yes' in the response.

A vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted.

Voting members are listed here:

<http://www.cabforum.org/forum.html>

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and one half or more of the votes cast by
members in the browser category must be in favor. Also, at least seven
members must participate in the ballot, either by voting in favor, voting
against or abstaining.

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120820/da012e7d/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Digicert_BR_9_2_4_Errata_plus_ISO3166 - Aug 15 2012.pdf
Type: application/pdf
Size: 338385 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120820/da012e7d/attachment-0003.pdf>
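
The presence rules in the proposed 9.2.4 and 9.2.5 text, written as a check over a parsed subject. This is an added example, not part of the ballot or of the original message. The function name, the dict representation and the sample subjects are assumptions made here; country codes are checked for two-letter form only (not against the ISO 3166-1 list), and the 9.2.7 placeholder rule is applied to every attribute as a simplification.

```python
import re

# Attributes the ballot text says MUST be absent when organizationName is absent.
ORG_DEPENDENT = ("streetAddress", "localityName", "stateOrProvinceName", "postalCode")
# 9.2.7: a value made up only of '.', '-' and spaces (or empty) is placeholder metadata.
PLACEHOLDER = re.compile(r"[.\- ]*")
# 9.2.5: two-letter code; "XX" (user-assigned) has the same form and is accepted.
COUNTRY_FORM = re.compile(r"[A-Z]{2}")


def lint_subject(subject):
    """Return a list of rule violations for a subject given as {attribute: str}."""
    errors = []
    for attr, value in subject.items():
        if PLACEHOLDER.fullmatch(value):
            errors.append(f"{attr}: placeholder value {value!r}")

    if "organizationName" not in subject:
        # Without O, the address attributes must not appear at all.
        for attr in ORG_DEPENDENT:
            if attr in subject:
                errors.append(f"{attr}: present without organizationName")
    else:
        # With O, at least one of L / ST is required, and C is required.
        if "localityName" not in subject and "stateOrProvinceName" not in subject:
            errors.append("localityName or stateOrProvinceName: required with organizationName")
        if "countryName" not in subject:
            errors.append("countryName: required with organizationName")

    country = subject.get("countryName")
    if country is not None and not COUNTRY_FORM.fullmatch(country):
        errors.append(f"countryName: {country!r} is not a two-letter code")
    return errors


if __name__ == "__main__":
    # Constructed sample subjects, not taken from real certificates.
    samples = [
        {"commonName": "www.example.com", "organizationName": "Example Inc.",
         "localityName": "Springfield", "countryName": "US"},
        {"commonName": "www.example.com", "localityName": "Springfield"},
        {"organizationName": "Example Org", "stateOrProvinceName": "Exampleland",
         "countryName": "XX"},
    ]
    for s in samples:
        print(s, "->", lint_subject(s) or "ok")
```
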

