[cabfpub] ISO 3166-1 country codes

Rich Smith richard.smith at comodo.com
Tue Jul 31 16:45:10 UTC 2012



From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Erwann Abalea
Sent: Tuesday, July 31, 2012 11:58 AM

On the same subject, same location, other certificates.

Last year Kosovo deployed biometric passports (ICAO MRTD and EAC) obviously
for internal use only, and they choosed "KS" as the alpha-2 country code.
This country code is present in CSCA root certificate and in DS

"KS" is declared as free for assignment by ISO 3166/MA only.
While they're practically free to use anything they want in their private
certificates, I don't recommend using "KS" for public facing certificates.
And I'm not in favor of allowing "XK" for EV certificates.

[RWS] I disagree on this.  Our CA is incorporated and operating in
jurisdictions (US and UK) which fully recognize the sovereignty of the
Republic of Kosovo.  As such, I don't see any reason, either from my
perspective, or that of the customer, to be forced to put in Serbia in an EV
certificate.  It is incorrect and inaccurate as far as we are concerned.  As
per the laws of the jurisdictions to which I and the customer are subject
both the country AND the government entity legally exist.  It should also be
noted that the UK Home Office is using ISO 3166 alpha 3: XXK as a designator
for Kosovo.


Le 31/07/2012 12:17, William Madell a écrit :

Agreed – the CABF can decide to use ‘XK’ as its user-assigned country code
for Kosovo within the context of the BRs (perhaps, also in the context of


As Erwann recommends, the CABF should publicly document that decision – I
suggest as either an erratum or appendix to the BRs.




From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Erwann Abalea
Sent: 31 July 2012 10:46
To: public at cabforum.org
Subject: Re: [cabfpub] ISO 3166-1 country codes


Nice question.

XK being one of the "user-assigned code elements", it can therefore be
freely used wherever you want, and it won't be used in any update of the
o-3166.htm#Reserved-code-elements is pretty clear on the purpose and limits
of the user-assigned codes.
Faced with such a request, I'd also tend to approve it, publicly document
the use of "XK" code to designate "Kosovo", and notify the ISO-3166/MA of
the use of this code.

EU hasn't recognized Kosovo as an independant nation, it's strange that XK
is used by the EC.


Le 30/07/2012 22:39, Rich Smith a écrit :

I've come across an edge case that I'd like to get some discussion on.


We have received a request for a customer in Kosovo, which the two
jurisdictions to which we are subject (US and UK) recognize as a sovereign
country.  However because there is still some wrangling going on in the UN,
Kosovo does not at this time have an official ISO 3166 country code.


I came across some information that the European Commission, Switzerland,
and the Deutsche Bundesbank among others are temporarily using XK as a
designator for Kosovo.  Any thought as to whether or not doing the same in a
certificate would be in compliance with Section 9.2.5 of the BRs?


9.2.5      Subject Country Name Field

Certificate Field:  subject:countryName (OID:

Required/Optional:  Optional

Contents:  If the subject:countryName field is present, then the CA SHALL
verify the country associated with the Subject in accordance with Section
11.2.5 and use its two-letter ISO 3166-1 country code.


Since XK is set aside by the ISO as user assigned, I tend to lean toward
allowing it, but I also think that we should probably decide as a group so
that we all (at least all in jurisdictions which recognize Kosovo) treat
Kosovo in a uniform fashion.  Thoughts?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120731/4de70934/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6391 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120731/4de70934/attachment-0004.bin>

More information about the Public mailing list