[cabfpub] FW: [cabfquest] CP Working Group Participation

Robin Alden robin at comodo.com
Mon Sep 15 17:05:26 UTC 2014

Hi Dean, Li Chun,

                I shall be there for the meeting, and wrote this while

It seems to me that although Li Chun has pointed out a valid issue on pages
2 through 6 - that some countries are not separated into states or provinces
- I think the suggested modification of the BRs to allow the omission of
BOTH localityName and stateOrProvinceName from the subject of a certificate
that includes an organizationName in the subject (aka an OV certificate)
permits a general reduction in the degree of detail in the subject of an OV
certificate which is undesirable.

The current wording of the BRs and draft Code-signing requirements is
already intended to deal with this situation where a stateOrProvinceName is
not always available.

The localityName field is usually used to hold the name of the village,
town, or city in which the subject entity resides.

Two things strike me from this suggested modification:

1)      That some of the countries in the list on page 2 of the PowerPoint
document definitely have place names (village/town/city) which fit well into
the localityName field; and

2)      That if there are a subset of the countries on page 2 which do not
have any internal postal address structure beyond the street address and
country code then those countries should be specifically enumerated in the
BRs so that we do not unintentionally permit addresses which are more
ambiguous than they need to be.

Another possible means to achieve the desirable aspects of this change might
be, in addition to the wording proposed in the slides, to introduce an
obligation on the CA to include in an OV certificate the detail (e.g. to
include the localityName) where it exists.  This would be something that an
auditor could test for.

If I haven’t already made it clear, my concern is that if the BRs were
amended as suggested on slides 2 through 6, a CA could issue a certificate
with a subject of:

O=Smith’s Builders

Street=125 Main Street


  And claim BR compliance while using a partial address which in many cases
would not adequately identify the subject.

although I have to admit that the BR’s today permit:

O=Smith’s Builders

Street=125 Main Street



which isn’t much better because the STATE is omitted where it should always
be present for US addresses.


From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Dean Coclin
Sent: 14 September 2014 21:09
To: public at cabforum.org
Subject: [cabfpub] FW: [cabfquest] CP Working Group Participation

Reposting this to the public list (from member Chungwa Telecom). For
discussion at the meeting this week. If anyone who is not attending has
comments, please chime in.


From: 陳立群
Sent: Sunday, September 14, 2014 8:37 PM
To: ben.wilson at digicert.com; Dean Coclin
Cc: 王文正; realsky at cht.com.tw; wgh at wosign.com
Subject: FW: [cabfquest] CP Working Group Participation

Dear Ben,Dean and Richard

         Attached file is about  correcting of documents of CA/Browser
Forum. Please arrange to discuss it.

         I am looking forward to see you soon in Beijing.

Sincerely Yours,

                             Li-Chun CHEN


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140916/ceb93a8d/attachment-0003.html>

More information about the Public mailing list