[cabfpub] OIDs for DV and OV
王文正
wcwang at cht.com.tw
Thu Oct 30 10:58:35 MST 2014
Dear Erwann,
I really don't want to waste mailing list bandwidth to discuss political issues here. However, there are some statements you wrote in your last reply need to be corrected.
1. Regarding the www.oid-info.com<http://www.oid-info.com/> site, it is clearly stated on its homepage that 'this OID repository is not an official registration authority for OIDs'.
2. The Taiwan country OID arcs should belong to Taiwan government. Speaking of OID hijack, the Taiwan OID arcs were orginally hijacked by Raymond Lee since 1998. Raymond Lee is actually a Hong Kong citizen and Taiwan government never nominated him as the registration authority of Taiwan OID arcs. Raymon Lee put some malicious description on the web pages of Taiwan OID arcs on purpose. Several years ago, Taiwan government had ever ask Raymond Lee to return back the Taiwan OID arcs, but Raymond Lee ask Taiwan government to pay him a lot of money if they want to take back the Taiwan OID arcs. Taiwan government of course refused the extort and sent an offical letter to ask the operator of the www.oid-info.com<http://www.oid-info.com/> site to cancel Raymond Lee right as registration authority of Taiwan OID arcs. Unfortunately, the operator of the www.oid-info.com<http://www.oid-info.com/> site did not take any action. Now, the Taiwan OID arcs on the www.oid-info.com<http://www.oid-info.com/> site are hijacked again by the Taiwan Registration and Certification Authority Inc. (your so-called TWRA). As far as I know, Taiwan government never nominated TWRA as the registration authority of Taiwan OID arcs. I can not even found company registration information of Taiwan Registration and Certification Authority Inc. in Taiwan.
I really don't know what is going on with the www.oid-info.com<http://www.oid-info.com/> site. Why do they allow Taiwan country OID arcs be hijacked and ignore Taiwan government's request to take back the country OID arcs?
My dear Erwann, if you know which person of the www.oid-info.com<http://www.oid-info.com/> site the Taiwan government should contact, please kindly let me know. I am sure Taiwan government will be glad to send an offical letter to that right person to take back the country OID arcs.
Wen-Cheng Wang
________________________________
¼Ä¼þÕß: Erwann Abalea [erwann.abalea at opentrust.com]
¼Ä¼þÈÕÆÚ: 2014Äê10ÔÂ30ÈÕ ÏÂÎç 10:10
ÊÕ¼þÕß: ÍõÎÄÕý; public at cabforum.org
Ö÷Ö¼: Re: [cabfpub] OIDs for DV and OV
Bonjour Wen-Cheng,
The political situation of Taiwan complicates the OID arcs that depend on their recognition by UN (the 1.2.* and 2.16.* arcs).
ITU X.660 defines rules for OID registration:
- under { iso(1) member-body(2) }, there's an integer taken from ISO3166-1 (the numeric country code), and this arc is assigned to the ISO national body of this country
- under { joint-iso-itu-t(2) country(16) }, numeric-3 codes of ISO3166-1 are reserved and assigned to registration authorities choosen by the country's ITU member state and ISO national body
886 has never been the ISO 3166-1 numeric code of Taiwan (this code was attributed to Yemen).
886 is the telephone prefix code for Taiwan, that's all.
By comparison, France telephone prefix code is 33, but ISO3166-1 numeric code for France is 250. USA telephone country code is 1 (shared with Canada, Puerto Rico, and others), USA ISO3166-1 numeric code is 840.
Nobody is free to take whatever OID arc they find pleasant. We must all follow rules for certificate issuance, there are also rules for the OID space.
TWCA had the same problem for their EV OID, they were hijacking an OID under the 2.16.158 arc, refusing to request one from the official owner of this arc (TWRA). They were asked to request a dedicated arc under IANA PEN (1.3.6.1.4.1.40869).
Political status of Taiwan is unfortunate, but if CABForum is willing to adopt rules for OV/DV OIDs as it has done for EV, what you're asking for is to import those political issues into CABForum, and to adopt a bad behaviour that will surely become a legacy problem in the future. Since you're not issuing EV certificates at the moment, you have no problem to switch to a IANA PEN OID.
BTW, an official source of information for OID arcs is the www.oid-info.com<http://www.oid-info.com/> site.
--
Erwann ABALEA
Le 30/10/2014 12:49, ÍõÎÄÕý a ¨¦crit :
Dear Erwann,
Indeed there are conflicts about which OID should Taiwan use due to very complicated political issues.
The truth is Taiwan government has already used 2.16.886 for many years. I do not think the CAB forum is willing to discuss political issues here. So why do we just leave it there unless the UN and the government decide to change the status.
[cid:part1.08030804.02040909 at opentrust.com]
Wen-Cheng Wang
From: public-bounces at cabforum.org<mailto:public-bounces at cabforum.org> [mailto:public-bounces at cabforum.org] On Behalf Of Erwann Abalea
Sent: Thursday, October 30, 2014 6:53 PM
To: public at cabforum.org<mailto:public at cabforum.org>
Subject: Re: [cabfpub] OIDs for DV and OV
Except that the 2.16.886 arc has never been assigned to Taiwan, so you cannot use it.
--
Erwann ABALEA
Le 29/10/2014 11:46, êÁ¢Èº a ¨¦crit :
Dear Dean,
The OV OID used by Chunghwa Telecom Co., Ltd. is 2.16.886.1.1.100.0.3.
We will add CA/Browser Forum OV/DV OID to our SHA-2 intermediate CA and SHA-2 End Entity SSL Certificate about December. At present , Chunghwa Telecom Co., Ltd. does not issue DV SSL certificate.
±¾Ðżþ¿ÉÄÜ°üº¬ÖÐÈAëŠÐŹɷÝÓÐÏÞ¹«Ë¾™CÃÜÙYÓ,·ÇÖ¸¶¨Ö®ÊÕ¼þÕß,ÕˆÎðÉL¼¯¡¢ÌŽÀí»òÀûÓñ¾ÐżþƒÈÈÝ,KÕˆ äNš§´ËÐżþ. ÈçžéÖ¸¶¨ÊÕ¼þÕß,‘ª´_Œ±£×oà]¼þÖб¾¹«Ë¾Ö® I˜I™CÃܼ°‚€ÈËÙYÁÏ,²»µÃÈÎÒâ‚÷Ñ»ò½Ò¶,K‘ª×ÔÐд_ÕJ±¾à]¼þÖ®¸½™nÅc³¬ßB½YÖ®°²È«ÐÔ,ÒÔ ¹²Í¬ÉƱMÙYÓ°²È«Åc‚€ÙY±£×oØŸÈÎ.
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141030/8281cd9f/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ATT00002.jpg
Type: image/jpeg
Size: 37275 bytes
Desc: ATT00002.jpg
Url : https://cabforum.org/pipermail/public/attachments/20141030/8281cd9f/attachment-0001.jpg
More information about the Public
mailing list