[cabfpub] Ballot [88] - BR_9_2_4_Errata-ISO3166

Ben Wilson ben at digicert.com
Wed Sep 5 23:17:52 UTC 2012



This proposal was reviewed and discussed previously as Ballot 86, which was
pulled from voting so that we could clarify the language.  Therefore, the
seven-day voting period will re-start and will close at 24:00 UTC on 12
September 2012.   As an experiment, the markup used below is based on the
CABForum's wiki formatting (MoinMoin Wiki Syntax).  "__" means begin and end
inserted language and "--" means begin and end deleted language.  A redlined
PDF is also attached for review.


Jeremy Rowley made the following motion and Rick Andrews and Rich Smith
endorsed it:


... Motion begins...


Effective immediately


... Erratum begins ...


1.      Add a new Definition: __Country: Either a member of the United
Nations OR a geographic region recognized as a sovereign nation by at least
two UN member nations.__


2.      Modify the following sections as indicated below:


9.2 Subject Information


By issuing the Certificate, the CA represents that it followed the procedure
set forth in its Certificate Policy and/or Certification Practice Statement
to verify that, as of the Certificate's issuance date, all of the Subject
Information was accurate. __CAs SHALL NOT include a Domain Name in a Subject
attribute except as specified in Sections 9.2.1 and 9.2.2 below.__


9.2.4 Subject --(Organization)-- __Distinguished__ Name Field__s__


__a.__  Certificate Field--(s)--:


. --(Organization name:)-- __subject:__organizationName (OID


__Optional. __


__Contents:  If present, the subject:organizationName field MUST contain
either the Subject's name or DBA as verified under Section 11.2. The CA may
include information in this field that differs slightly from the verified
name, such as common variations or abbreviations, provided that the CA
documents the difference and any abbreviations used are locally accepted
abbreviations; e.g., if the official record shows "Company Name
Incorporated", the CA MAY use "Company Name Inc." or "Company Name".
Because Subject name attributes for individuals (e.g. givenName (
and surname ( are not broadly supported by application software,
the CA MAY use the subject:organizationName field to convey a natural person
Subject's name or DBA. __


__b.__      __Certificate Field:__ subject:streetAddress (OID:


__'''Optional''' if the subject:organizationName field is present. __


__'''Prohibited''' if the subject:organizationName field is absent.




__Contents: If present, the subject:streetAddress field MUST contain the
Subject's street address information as verified under Section 11.2. __


__c. __


. --(City or town)-- __Certificate Field__: subject:localityName (OID:


__'''Required''' if the subject:organizationName field is present and the
subject:stateOrProvinceName field is absent. __


__'''Optional''' if the subject:organizationName field and
subject:stateOrProvinceName fields are present. __


__'''Prohibited''' if the subject:organizationName field is absent.




__Contents:  If present, the subject:localityName field MUST contain the
Subject's locality information as verified under Section 11.2.  If the
subject:countryName field specifies the ISO 3166-1 user-assigned code of XX
in accordance with Section 9.2.5, the localityName field MAY contain the
Subject's locality and/or state or province information as verified under
Section 11.2. __


__d.      Certificate Field:__ --(State or province (where applicable))--
subject:stateOrProvinceName (OID:


__'''Required''' if subject:organizationName field is present and
subject:localityName field is absent. __


__'''Optional''' if subject:organizationName and subject:localityName fields
are present. __


__'''Prohibited''' if subject:organizationName field is absent.




__ __


__Contents:  If present, the subject:stateOrProvinceName field MUST contain
the Subject's state or province information as verified under Section 11.2.
If the subject:countryName field specifies the ISO 3166-1 user-assigned code
of XX in accordance with Section 9.2.5, the subject:stateOrProvinceName
field MAY contain the full name of the Subject's country information as
verified under Section 11.2.5.__


--(Country subject:countryName (OID: 2.5.46))--


__e.      Certificate Field: subject:postalCode (OID: __


__'''Optional''' if subject:organizationName field is present. __


__'''Prohibited''' if subject:organizationName field is absent. __




__Contents:  If present, the subject:postalCode field MUST contain the
Subject's zip or postal information as verified under Section 11.2.__


9.2.5   Subject Country Name Field


Certificate Field: subject:countryName (OID:


--(Required/Optional: )----(Optional.)-- __ __


__'''Required''' if the subject:organizationName field is present. __


__'''Optional''' if the subject:organizationName field is absent.__


Contents:  If the --(subject:countryName field is present, then the CA SHALL
verify the country associated with the Subject in accordance with Section
11.2.5 and use its two-letter ISO 3166-1 country code)--   __
subject:organizationName field is present, the subject:countryName MUST
contain the two-letter ISO 3166-1 country code associated with the location
of the Subject verified under Section 11.2. If the subject:organizationName
field is absent, the subject:countryName field MAY contain the two-letter
ISO 3166-1 country code associated with the Subject as verified in
accordance with Section 11.2.5.  If a Country is not represented by an
official ISO 3166-1 country code, the CA MAY specify the ISO 3166-1
user-assigned code of XX indicating that an official ISO 3166-1 alpha-2 code
has not been assigned.__


3.      Change the heading of Section 9.2.6 as follows:


9.2.6  --( Other)-- Subject __Organizational Unit Field __--(Attributes )--


4.      Replace the following sentences of Section 9.2.6:


--(With the exception of the subject:organizationalUnitName (OU) attribute,
optional attributes, when present within the subject field, MUST contain
information that has been verified by the CA.  Metadata such as '.', '-',
and ' ' (i.e. space) characters, and/or any other indication that the value
is absent, incomplete, or not applicable, SHALL NOT be used. CAs SHALL NOT
include Fully-Qualified Domain Names in Subject attributes except as
specified in Sections 9.2.1 and 9.2.2, above.)--




__Certificate Field: subject:organizationalUnitName __




5.      Add Section 9.2.7:


__9.2.7 Other Subject Attributes__


__All other optional attributes, when present within the subject field, MUST
contain information that has been verified by the CA.  Optional attributes
MUST NOT contain metadata such as '.', '-', and ' ' (i.e. space) characters,
and/or any other indication that the value is absent, incomplete, or not


.... Erratum ends ...


The review period for this ballot already occurred when it was presented as
Ballot 86.  Therefore, the voting period will start immediately and will
close at 24:00 UTC on 12 September 2012. Votes must be cast by posting an
on-list reply to this thread.


... Motions ends ...


A vote in favor of the motion must indicate a clear 'yes' in the response.


A vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted.


Voting members are listed here:  <http://www.cabforum.org/forum.html>


In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and one half or more of the votes cast by
members in the browser category must be in favor. Also, at least seven
members must participate in the ballot, either by voting in favor, voting
against or abstaining.


__ __

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120905/03dca9fe/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BRv.1.0-Ballot 88.pdf
Type: application/pdf
Size: 32843 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20120905/03dca9fe/attachment-0003.pdf>

More information about the Public mailing list