[cabfpub] IV OID Ballot 150

Dean Coclin Dean_Coclin at symantec.com
Tue Jul 21 11:16:05 MST 2015


Doug,
Since the OID is optional, there will be no date in the ballot.

ALL,
We are going to pull the ballot for a week to fix a couple of additional
comments received. I will advise once it's back up for voting.  Thank you,

Dean

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Doug Beattie
Sent: Friday, July 17, 2015 10:24 AM
To: public at cabforum.org
Subject: Re: [cabfpub] IV OID Ballot 150

Is there an expected date for when CAs MUST start using this new OID (and
perhaps givenName/surname vs. organizationName) if they issue SSL
certificates to individuals?   If so, we should include the effective date
for this in the ballot.  If there is no date, then can CAs continue to issue
SSL certificates to individuals following the current practices indefinitely
(ignore MS requirements for a minute as I'm sure we're all negotiating
different schedules with them for compliance with their new Root agreement).

Doug

> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org]
> On Behalf Of Rob Stradling
> Sent: Friday, July 17, 2015 7:26 AM
> To: public at cabforum.org
> Subject: Re: [cabfpub] IV OID Ballot 150
> 
> On 17/07/15 07:48, Adriano Santoni wrote:
> > Hi all,
> >
> > whether these OIDs are actually "optional" is arguable, given that
> > Microsoft is going to require CAs to include them in certificates.....
> > They will be... "virtually optional" :)
> 
> Precisely. In practical terms, the IV OID will be mandatory.
> 
> If we're going to require givenName/surname and forbid 
> organizationName, then it makes sense to do it at the same time as 
> introducing the new IV OID. Then, application writers will be able to 
> write code to enforce the rule that Subject.organizationName MUST NOT 
> appear in a cert that includes the IV OID.
> 
> If, instead, there is a time period during which it's legal to put 
> Subject.organizationName into an IV cert, and then we subsequently 
> make this forbidden, it'll be harder to enforce this rule in application
> code.
> 
> Jeremy, I'll propose that ballot once I've seen the final wording for 
> ballot 150.
> 
> --
> Rob Stradling
> Senior Research & Development Scientist COMODO - Creating Trust Online
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
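
The rule Rob Stradling describes in the quoted message (Subject.organizationName MUST NOT appear in a cert that includes the IV OID), written as an application-side check in Go. This is an added example, not code from the thread or from any CA/Browser Forum document. The OID value 2.23.140.1.2.3 is not given in the thread and is assumed here to be the CA/Browser Forum individual-validated policy OID; `CheckIV` and `sampleCert` are hypothetical names, and the certificate is constructed in-process purely as test input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Assumption: the thread never gives the OID; this is the CA/B Forum individual-validated policy OID.
var ivOID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 3}

// CheckIV enforces: Subject.organizationName MUST NOT appear in a cert that includes the IV OID.
func CheckIV(c *x509.Certificate) error {
	for _, p := range c.PolicyIdentifiers {
		if p.Equal(ivOID) && len(c.Subject.Organization) > 0 {
			return fmt.Errorf("IV OID present but Subject.organizationName = %q", c.Subject.Organization)
		}
	}
	return nil
}

// sampleCert builds a constructed, self-signed certificate (hypothetical helper, demo input only).
func sampleCert(iv bool, orgs ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		Subject: pkix.Name{CommonName: "Jane Doe", Organization: orgs}}
	if iv { // certificatePolicies extension (2.5.29.32) carrying only the IV OID
		v, _ := asn1.Marshal([]struct{ ID asn1.ObjectIdentifier }{{ivOID}}) // cannot fail for a fixed OID
		t.ExtraExtensions = []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 5, 29, 32}, Value: v}}
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if c, err := sampleCert(true, "Example Org"); err == nil {
		fmt.Println(CheckIV(c)) // reports the violation
	}
}
```

The check is unconditional because it assumes the prohibition takes effect together with the OID; with a transition period it would also have to compare the certificate's issuance date against a cutoff.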