[cabfpub] IV OID Ballot 150
Rob Stradling
rob.stradling at comodo.com
Fri Jul 17 04:26:10 MST 2015
On 17/07/15 07:48, Adriano Santoni wrote:
> Hi all,
>
> whether these OIDs are actually "optional" is arguable, given that
> Microsoft is going to require CAs to include them in certificates.....
> They will be... "virtually optional" :)
Precisely. In practical terms, the IV OID will be mandatory.
If we're going to require givenName/surname and forbid organizationName,
then it makes sense to do it at the same time as introducing the new IV
OID. Then, application writers will be able to write code to enforce the
rule that Subject.organizationName MUST NOT appear in a cert that
includes the IV OID.
If, instead, there is a time period during which it's legal to put
Subject.organizationName into an IV cert, and then we subsequently make
this forbidden, it'll be harder to enforce this rule in application code.
Jeremy, I'll propose that ballot once I've seen the final wording for
ballot 150.
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
More information about the Public
mailing list