[cabfpub] OIDs for DV and OV

Mon Nov 3 01:34:23 UTC 2014

Hi Erwann,

We faced this situation while we were doing the EV enabling in Firefox.
I think registering the IANA PEN OID for business entity is the good solution for by-pass the political issue.

Robin Lin (Wei Tsong Lin)
CSSLP
Project Manager
Research and Developing Department
TAIWAN-CA INC.
TEL£º+886-2-2370-8886 ext. 721
FAX£º+886-2-2370-0728
E-mail£ºrobin.lin at twca.com.tw<mailto:robin.lin at twca.com.tw>
[cid:image001.gif at 01CFF749.51B01040]
10th Floor, 85 Yenping South Road, 10043 Taipei, Taiwan
http://www.twca.com.tw<http://www.twca.com.tw/>

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Erwann Abalea
Sent: Thursday, October 30, 2014 10:10 PM
To: ÍõÎÄÕý; public at cabforum.org
Subject: Re: [cabfpub] OIDs for DV and OV

Bonjour Wen-Cheng,

The political situation of Taiwan complicates the OID arcs that depend on their recognition by UN (the 1.2.* and 2.16.* arcs).

ITU X.660 defines rules for OID registration:
 - under { iso(1) member-body(2) }, there's an integer taken from ISO3166-1 (the numeric country code), and this arc is assigned to the ISO national body of this country
 - under { joint-iso-itu-t(2) country(16) }, numeric-3 codes of ISO3166-1 are reserved and assigned to registration authorities choosen by the country's ITU member state and ISO national body

886 has never been the ISO 3166-1 numeric code of Taiwan (this code was attributed to Yemen).
886 is the telephone prefix code for Taiwan, that's all.

By comparison, France telephone prefix code is 33, but ISO3166-1 numeric code for France is 250. USA telephone country code is 1 (shared with Canada, Puerto Rico, and others), USA ISO3166-1 numeric code is 840.

Nobody is free to take whatever OID arc they find pleasant. We must all follow rules for certificate issuance, there are also rules for the OID space.

TWCA had the same problem for their EV OID, they were hijacking an OID under the 2.16.158 arc, refusing to request one from the official owner of this arc (TWRA). They were asked to request a dedicated arc under IANA PEN (1.3.6.1.4.1.40869).

Political status of Taiwan is unfortunate, but if CABForum is willing to adopt rules for OV/DV OIDs as it has done for EV, what you're asking for is to import those political issues into CABForum, and to adopt a bad behaviour that will surely become a legacy problem in the future. Since you're not issuing EV certificates at the moment, you have no problem to switch to a IANA PEN OID.

BTW, an official source of information for OID arcs is the www.oid-info.com<http://www.oid-info.com> site.

--

Erwann ABALEA

Le 30/10/2014 12:49, ÍõÎÄÕý a ¨¦crit :
Dear Erwann,

Indeed there are conflicts about which OID should Taiwan use due to very complicated political issues.
The truth is Taiwan government has already used 2.16.886 for many years. I do not think the CAB forum is willing to discuss political issues here. So why do we just leave it there unless the UN and the government decide to change the status.

[cid:image002.jpg at 01CFF749.51B01040]

Wen-Cheng Wang

From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Erwann Abalea
Sent: Thursday, October 30, 2014 6:53 PM
To: public at cabforum.org<mailto:public at cabforum.org>
Subject: Re: [cabfpub] OIDs for DV and OV

Except that the 2.16.886 arc has never been assigned to Taiwan, so you cannot use it.

--

Erwann ABALEA

Le 29/10/2014 11:46, êÁ¢Èº a ¨¦crit :
Dear Dean,

     The OV OID used by Chunghwa Telecom Co., Ltd. is 2.16.886.1.1.100.0.3.

We will add CA/Browser Forum OV/DV OID to our SHA-2 intermediate CA and SHA-2 End Entity SSL Certificate about December. At present , Chunghwa Telecom Co., Ltd. does not issue DV SSL certificate.

±¾ÐÅ¼þ¿ÉÄÜ°üº¬ÖÐÈAëŠÐÅ¹É·ÝÓÐÏÞ¹«Ë¾™CÃÜÙYÓ,·ÇÖ¸¶¨Ö®ÊÕ¼þÕß,ÕˆÎðÉL¼¯¡¢ÌŽÀí»òÀûÓÃ±¾ÐÅ¼þƒÈÈÝ,KÕˆ äNš§´ËÐÅ¼þ. ÈçžéÖ¸¶¨ÊÕ¼þÕß,‘ª´_Œ±£×oà]¼þÖÐ±¾¹«Ë¾Ö® I˜I™CÃÜ¼°‚€ÈËÙYÁÏ,²»µÃÈÎÒâ‚÷Ñ»ò½ÒÂ¶,K‘ª×ÔÐÐ´_ÕJ±¾à]¼þÖ®¸½™nÅc³¬ßB½YÖ®°²È«ÐÔ,ÒÔ ¹²Í¬ÉÆ±MÙYÓ°²È«Åc‚€ÙY±£×oØŸÈÎ.
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141103/2efe9329/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1915 bytes
Desc: image001.gif
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141103/2efe9329/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 37275 bytes
Desc: image002.jpg
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141103/2efe9329/attachment-0002.jpg>