[cabfpub] An appliacnt in Direct-controlled municipality (Special municipality ) or in small countries without State/Province with EVGL Version 1.6.0 section 9.2.7

陳立群 realsky at cht.com.tw
Thu Aug 11 08:59:42 UTC 2016


In EVGL section 9.2.7,

 

9.2.7. Subject Physical Address of Place of Business Field

Certificate fields:

Number and street: subject:streetAddress (OID: 2.5.4.9)

City or town: subject:localityName (OID: 2.5.4.7)

State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.4.8)

Country: subject:countryName (OID: 2.5.4.6)

Postal code: subject:postalCode (OID: 2.5.4.17)

Required/Optional: City, state, and country – Required; Street and postal code – Optional

Contents: This field MUST contain the address of the physical location of the Subject’s Place of Business.

 

     I suggest to amend above paragraph  about “state is required” for the address of Subject’s place of Business for small countries without State/Province and Direct-controlled municipality  (Special municipality ).

 

 

 

 

Li-Chun CHEN

                    Deputy Senior Engineer

                    CISSP, CISA, CISM, PMP,

                    Information & Communication Security Dept.

                    Data Communication Business Group

                    Chunghwa Telecom Co. Ltd.

                    realsky at cht.com.tw

                    +886-2-2344-4820#4025

 

 

From: 陳立群 [mailto:realsky at cht.com.tw] 
Sent: Thursday, August 11, 2016 4:05 PM
To: 'CABFPub'
Subject: [cabfpub] An appliacnt in Direct-controlled municipality (Special municipality ) or in small countries without State/Province with EVGL Version 1.6.0 section 9.2.5 

 

 

  In last CP working group call, I have pointed out a question about an entity in Special municipality with EVGL version 1.6.0  section 9.2.5. I think we can discuss

in today’s CP working group call or discussion in the mailing list. 

 

In Section 9.25, the jurisdiction for the applicable Incorporating Agency or Registration Agency at the locality level MUST include the country and state or province information, where the state or province regulates the registration of the entities at the locality level, as well as the locality information. Country information MUST be specified using the applicable ISO country code. State or province or locality information (where applicable) for the Subject’s Jurisdiction of Incorporation or Registration MUST be specified using the full name of the applicable jurisdiction.

 

     But business entity such as “ABC store” in Taipei city . Taipei city is a special municipality (Direct-controlled municipality), so the Subject DN will be

 

 

CN =ABC Store's FQDN

O = ABC Store

L = Taipei City

C = TW

PostalCode = 10001

STREET = ABC Store's street Address

SERIALNUMBER = ABC Store's uniform number of tax status

1.3.6.1.4.1.311.60.2.1.1 = Taipei City

1.3.6.1.4.1.311.60.2.1.2 = 

1.3.6.1.4.1.311.60.2.1.3 = TW

2.5.4.15 = Business entity

 

  As the rank of Taipei City, in current law and EVGL, I don’t know how to give the value for 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionStateOrProvinceName) attribute

 

   In  https://en.wikipedia.org/wiki/Direct-controlled_municipality, there are 11 countries have Direct-controlled municipalities. I doubt there will be the same problem. 

   More information can be find in  https://zh.wikipedia.org/wiki/%E7%9B%B4%E8%BE%96%E5%B8%82, but they were written in traditional Chinese, may be you could use Google online translation.

 

The issue will also appears in small countries without State/Province like Taiwan and Singapore, etc. 

 

   I think the problem should be considered with the relief of BR section 7.1.4.2.2. (Subject Distinguished Name Fields ) d/e together. 

 

   Full paragraph of current EVGL Version 1.6.0 are as below: 

 

9.2.5. Subject Jurisdiction of Incorporation or Registration Field

 

Certificate fields:

Locality (if required):subject:jurisdictionLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1)

   ASN.1 - X520LocalityName as specified in RFC 5280

State or province (if required):

subject:jurisdictionStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2)

   ASN.1 - X520StateOrProvinceName as specified in RFC 5280

Country:subject:jurisdictionCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3)

   ASN.1 – X520countryName as specified in RFC 5280

Required/Optional: Required

Contents: These fields MUST NOT contain information that is not relevant to the level of the Incorporating

Agency or Registration Agency. For example, the Jurisdiction of Incorporation for an Incorporating Agency or Jurisdiction of Registration for a Registration Agency that operates at the country level MUST include the country information but MUST NOT include the state or province or locality information. Similarly, the jurisdiction for the applicable Incorporating Agency or Registration Agency at the state or province level MUST include both

country and state or province information, but MUST NOT include locality information. And, the jurisdiction for

the applicable Incorporating Agency or Registration Agency at the locality level MUST include the country and

state or province information, where the state or province regulates the registration of the entities at the locality level, as well as the locality information. Country information MUST be specified using the applicable ISO

country code. State or province or locality information (where applicable) for the Subject’s Jurisdiction of

Incorporation or Registration MUST be specified using the full name of the applicable jurisdiction.

 

Li-Chun CHEN

                    Deputy Senior Engineer

                    CISSP, CISA, CISM, PMP,

                    Information & Communication Security Dept.

                    Data Communication Business Group

                    Chunghwa Telecom Co. Ltd.

                    realsky at cht.com.tw

                    +886-2-2344-4820#4025

 



本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160811/8ca40df3/attachment-0002.html>


More information about the Public mailing list