[cabfpub] Acceptable values for countryName
Robin Alden
robin at comodo.com
Thu Aug 4 13:08:10 UTC 2016
Hi Ben,
I think the introduction of the word territory to the BRs to
indicate that not only countries can be represented in the countryName field
is a good idea.
However, ISO 3166-1 doesn't call them territories. It handles the ambiguity
between countries and territories with its definition of 'country name'
which is:
"name of a country, dependency, or other area of particular geopolitical
interest"
I don't think the ISO-3166 definition of country name will work for us
without quite a lot of work to the guidelines, so how about
7.1.2.1.e and 7.1.2.2.h would say, "the ISO 3166-1 Alpha-2 code for the
country or territory in which the CA's place of business is located" and
7.1.4.2.2.g would say, "the ISO 3166-1 Alpha-2 code for the country or
territory associated with the Subject as verified in accordance with Section
3.2.2.3"?
Robin
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Rich Smith
Sent: 02 August 2016 20:14
To: public at cabforum.org
Subject: Re: [cabfpub] Acceptable values for countryName
That seems a sensible solution to me. If you were to draw up a motion, I'd
endorse.
-Rich
On 7/31/2016 6:43 PM, Ben Wilson wrote:
I think we should do something to make it more clear that you can use any
ISO 3166-1 country/territory code. What if we added "or territory code" to
sections 7.1.2.1.e, 7.1.2.2.h, and 7.1.4.2.g, so that 7.1.2.1.e and
7.1.2.2.h would say, "the two-letter ISO 3166-1 country code or territory
code for the country or territory in which the CA's place of business is
located" and 7.1.4.2.g would say, "the two-letter ISO 3166-1 country code
or territory code associated with the Subject as verified in accordance with
Section 3.2.2.3"?
-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Peter Bowen
Sent: Sunday, July 24, 2016 9:58 PM
To: Erwann Abalea <Erwann.Abalea at docusign.com>; CABFPub
<public at cabforum.org>
Subject: [cabfpub] Acceptable values for countryName
I want to follow up on something Erwann said in a rather long thread.
On Jul 15, 2016, at 11:25 AM, Erwann Abalea <Erwann.Abalea at docusign.com>
wrote:
That's in fact a list of ISO3166-1 codes. Not all of them are actual country
codes (ISO3166-1 lists country and territories) and are suitable for use in
DV/OV/EV certificates (see the definition of an acceptable country code in
the BR).
Among them:
- GF, GP, MQ, YT, RE are regions and departments of France (C=FR, and you
can put their name into the stateOrProvinceName attribute), and they are
even composed of cities (we have 6 administrative subdivision levels in
France, with more than 36000 cities, we're crazy)
- BV and SJ belong to Norway (C=NO), you can certainly put their name into
the stateOrProvinceName attribute
- FK, GI, GS, PN, VG are British Overseas Territories (some are disputed
either by Argentina or Spain, but still, C=UK)
- CX and NF are Australian territories (C=AU)
- FO is a constituent country of Denmark (C=DK), exactly like Scotland wrt
UK
- GU is a non incorporated territory of the United States of America
(C=US), just like Puerto Rico
- GG, IM, JE are Crown dependencies, can possibly be considered as
countries (C=GG/IM/JE), but anyway have administrative subdivisions
The Baseline Requirements have a definition of "Country": "Either a member
of the United Nations OR a geographic region recognized as a sovereign
nation by at least two UN member nations." According to the UN, there are
193 member states (http://www.un.org/en/member-states/). There are two
non-member states which have permanent observer status - the Holy See and
the State of Palestine
(http://www.un.org/en/sections/member-states/non-member-states/). These are
assigned ISO 3166-1 alpha-2 codes of VA and PS respectively. Based on
Wikipedia
(https://en.wikipedia.org/wiki/List_of_states_with_limited_recognition#Non-UN_member_states_recognised_by_at_least_one_UN_member_state),
with all
caveats that brings, there are five additional non-UN member states
recognized by at least two UN member states - the Republic of Abkhazia, the
Republic of China, the Republic of Kosovo, the Sahrawi Arab Democratic
Republic, and the Republic of South Ossetia. This appears to mean 200
states meet the definition of Country in the BRs.
However, section 7.1.4.2.2(g) of the BRs says:
"If the subject:organizationName field is present, the subject:countryName
MUST contain the two-letter ISO 3166-1 country code associated with the
location of the Subject verified under Section 3.2.2.1. If the
subject:organizationName field is absent, the subject:countryName field MAY
contain the two-letter ISO 3166-1 country code associated with the Subject
as verified in accordance with Section 3.2.2.3. If a Country is not
represented by an official ISO 3166-1 country code, the CA MAY specify the
ISO 3166-1 user-assigned code of XX indicating that an official ISO 3166-1
alpha-2 code has not been assigned."
In reading this, I'm not clear whether it is valid to use all 249 assigned
ISO 3166-1 alpha-2 codes in the countryName attribute or just the ones that
correspond to an entity meeting the BR definition of Country. This
ambiguity is because the term "Country" (capitalized) is only used in the
last sentence, while earlier uses say the field may contain an "ISO 3166-1
country code".
Is it valid to include BM, YT, BV, or CX in the countryName attribute?
Thanks,
Peter
_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public