[cabfpub] IV OID Ballot 150

Jeremy Rowley jeremy.rowley at digicert.com
Fri Jul 17 20:49:26 UTC 2015

CAB Forum doesn't produce rules for application code. 

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Rob Stradling
Sent: Friday, July 17, 2015 5:26 AM
To: public at cabforum.org
Subject: Re: [cabfpub] IV OID Ballot 150

On 17/07/15 07:48, Adriano Santoni wrote:
 > Hi all,
 > whether these OIDs are actually "optional" is arguable, given that
 > Microsoft is going to require CAs to include them in certificates.....
 > They will be... "virtually optional" :)

Precisely. In practical terms, the IV OID will be mandatory.

If we're going to require givenName/surname and forbid organizationName, then it makes sense to do it at the same time as introducing the new IV OID. Then, application writers will be able to write code to enforce the rule that Subject.organizationName MUST NOT appear in a cert that includes the IV OID.

If, instead, there is a time period during which it's legal to put Subject.organizationName into an IV cert, and then we subsequently make this forbidden, it'll be harder to enforce this rule in application code.

Jeremy, I'll propose that ballot once I've seen the final wording for ballot 150.

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
