[cabfpub] givenName and surname revived

Eddy Nigg eddy_nigg at startcom.org
Sun Aug 21 16:22:09 UTC 2016


Jeremy, we are happy to endorse this ballot.

On 08/20/2016 05:41 PM, Jeremy Rowley wrote:
>
> Hey Bruce -- IV certs are well defined. The goal of the ballot isn't 
> to further define IV certs but to permit use of the givenName and 
> surname fields for IV certs. givenName and surname in the org field 
> would be allowed. They'd still use the IV OIDs as they were validated 
> under the IV section of the CP.
>
> *From:* Bruce Morton [mailto:Bruce.Morton at entrust.com]
> *Sent:* Friday, August 19, 2016 6:41 AM
> *To:* Jeremy Rowley <jeremy.rowley at digicert.com>; public at cabforum.org
> *Subject:* RE: givenName and surname revived
>
> Hi Jeremy,
>
> Would like some clarification. On the call yesterday, it was said that 
> IV certificates were not defined, so this ballot will help resolve this.
>
> Per 7.1.4.2.2 b, the current BRs allow givenName and surname to be 
> included in the organizationName field. Will this still be allowed? If 
> so, what would the certificate type be? OV or IV? I would prefer that 
> these be OV certificates.
>
> If we do make the changes and the CAs have to meet Microsoft's 
> requirement to put a DV, OV, or IV certificate policy in the 
> certificate, I think we should clearly define each certificate type.
>
> Also, the stateOrProvinceName field appears to currently have an issue 
> as it does not have any language to address the case where there is no 
> state or province in the address.
>
> Thanks, Bruce.
>
> *From:* public-bounces at cabforum.org 
> <mailto:public-bounces at cabforum.org> 
> [mailto:public-bounces at cabforum.org] *On Behalf Of *Jeremy Rowley
> *Sent:* Thursday, August 18, 2016 12:09 PM
> *To:* public at cabforum.org <mailto:public at cabforum.org>
> *Subject:* [cabfpub] givenName and surname revived
>
> Looking for two endorsers for the following revisions to the baseline 
> requirements adding support for givenName and surname:
>
> Insert a new (C) under 7.1.4.2.2, renumbering all subsequent bullets.
>
> _c. *Certificate Field*: subject:givenName (2.5.4.42) and 
> subject:surname (2.5.4.4)_
>
> *_Optional. _*
>
> *_Contents: _*_If present, the subject:givenName field and 
> subject:surname field MUST contain an natural person Subject's name as 
> verified under Section 3.2.3. A Certificate containing a 
> subject:givenName field or subject:surname field MUST contain the 
> (2.23.140.1.2.3) Certificate Policy OID_.__
>
> _d._ Certificate Field: Number and street: subject:streetAddress (OID: 
> 2.5.4.9)
>
>     Optional if the subject:organizationName field_, subject: 
> givenName field, or subject:surname field are_ is present. Prohibited 
> if the subject:organizationName field_, subject:givenName, and 
> subject:surname field are_is absent.
>
>    Contents: If present, the subject:streetAddress field MUST contain 
> the Subject's street address information as verified under Section 
> 3.2.2.1.
>
> _e_. Certificate Field: subject:localityName (OID: 2.5.4.7)
>
> Required if the subject:organizationName field, _subject:givenName 
> field, or subject:surname field are_ is present and the 
> subject:stateOrProvinceName field is absent. Optional if 
> the_subject:stateOrProvinceName field and the subject:organizationName 
> field, subject:givenName field, or subject:surname _field are present. 
> Prohibited if the subject:organizationName field, _subject:givenName, 
> and subject:surname field are _is absent.
>
> Contents: If present, the subject:localityName field MUST contain the 
> Subject's locality information as verified under Section 3.2.2.1. If 
> the subject:countryName field specifies the ISO 3166-1 user-assigned 
> code of XX in accordance with Section 7.1.4.2.2(g), the localityName 
> field MAY contain the Subject's locality and/or state or province 
> information as verified under Section 3.2.2.1.
>
> _f_. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)
>
> Required if the subject:organizationName field, 
> _subject:givenName field, or subject:surname field are_ is present and 
> _the _subject:localityName field is absent. Optional if the 
> _subject:localityName field and the subject:organizationName field, 
> the subject:givenName field, or subject:surname field_ are present. 
> Prohibited if the subject:organizationName field, _subject:givenName 
> field , or subject:surname field _areis absent. Contents: If present, 
> the subject:stateOrProvinceName field MUST contain the Subject's state 
> or province information as verified under Section 3.2.2.1. If the 
> subject:countryName field specifies the ISO 3166-1 user-assigned code 
> of XX in accordance with Section 7.1.4.2.2(g), the 
> subject:stateOrProvinceName field MAY contain the full name of the 
> Subject's country information as verified under Section 3.2.2.1.
>
> _g_. Certificate Field: subject:postalCode (OID: 2.5.4.17)
>
> Optional if the subject:organizationName, _subject:givenName field, or 
> subject:surname_ fields _are_ is present. Prohibited if the 
> subject:organizationName field, _subject:givenName field, or 
> subject:surname field are _is absent.
>
> Contents: If present, the subject:postalCode field MUST contain the 
> Subject's zip or postal information as verified under Section 3.2.2.1.
>
> _h_. Certificate Field: subject:countryName (OID: 2.5.4.6)
>
> Required if the subject:organizationName field, _subject:givenName , 
> or subject:surname field_ is present. Optional if the 
> subject:organizationName field, _subject:givenName field_, and 
> _subject:surname field are_ is absent.
>
> Contents: If the subject:organizationName field is present, the 
> subject:countryName MUST contain the two-letter ISO 3166-1 country 
> code associated with the location of the Subject verified under 
> Section 3.2.2.1. If the subject:organizationName, _subject:givenName 
> field, and subject:surname_  field _are_  is absent, the 
> subject:countryName field MAY contain the two-letter ISO 3166-1 
> country code associated with the Subject as verified in accordance 
> with Section 3.2.2.3. If a Country is not represented by an official 
> ISO 3166-1 country code, the CA MAY specify the ISO 3166-1 
> user-assigned code of XX indicating that an official ISO 3166-1 
> alpha-2 code has not been assigned.
>
> _i_. Certificate Field: subject:organizationalUnitName
>
> Optional.
>
> _Contents: _The CA SHALL implement a process that prevents an OU 
> attribute from including a name, DBA, tradename, trademark, address, 
> location, or other text that refers to a specific natural person or 
> Legal Entity unless the CA has verified this information in accordance 
> with Section 3.2 and the Certificate also contains 
> subject:organizationName, _subject:givenName, subject:surname, 
> _subject:localityName, and subject:countryName attributes, also 
> verified in accordance with Section 3.2.2.1.
>
> 7.1.6.1
>
> ...
>
> If the Certificate asserts the policy identifier of 2.23.140.1.2.1, 
> then it MUST NOT include organizationName, _givenName, surname,_ 
> streetAddress, localityName, stateOrProvinceName, or postalCode in the 
> Subject field.
>
> ...
>

-- 
Regards
Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>
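
The subject-field rules in the quoted ballot text can be checked mechanically. The following is an added example, not part of this thread or of the CA/Browser Forum's own material: the function name `lint_subject` and the dict input format are assumptions, and the "Prohibited if ... absent" clauses are read as applying when organizationName, givenName and surname are all absent.

```python
IV_OID = "2.23.140.1.2.3"   # policy OID the ballot requires with givenName/surname
DV_OID = "2.23.140.1.2.1"   # policy OID named in the 7.1.6.1 text
IDENTITY = {"organizationName", "givenName", "surname"}
ADDRESS = {"streetAddress", "localityName", "stateOrProvinceName", "postalCode"}


def lint_subject(subject, policy_oids):
    """Return violations of the proposed 7.1.4.2.2 / 7.1.6.1 text (hypothetical helper)."""
    present = {name for name, value in subject.items() if value}
    policies = set(policy_oids)
    has_identity = bool(present & IDENTITY)
    problems = []

    # (c) givenName or surname requires the 2.23.140.1.2.3 policy OID.
    if present & {"givenName", "surname"} and IV_OID not in policies:
        problems.append("givenName/surname present without policy " + IV_OID)

    if has_identity:
        # (e)/(f) each field is required when the other is absent, so one must exist.
        if not present & {"localityName", "stateOrProvinceName"}:
            problems.append("localityName or stateOrProvinceName required")
        # (h) countryName is required once an identity field is present.
        if "countryName" not in present:
            problems.append("countryName required")
    else:
        # (d)-(g) address fields are prohibited when no identity field is present.
        for field in sorted(present & ADDRESS):
            problems.append(field + " prohibited without an identity field")

    # 7.1.6.1: a certificate asserting 2.23.140.1.2.1 must carry none of these.
    if DV_OID in policies:
        for field in sorted(present & (IDENTITY | ADDRESS)):
            problems.append(field + " not allowed with policy " + DV_OID)
    return problems


if __name__ == "__main__":
    # Constructed sample subject: an individual's name with no policy OID asserted.
    sample = {"givenName": "Alice", "surname": "Example",
              "localityName": "Springfield", "countryName": "US"}
    print(lint_subject(sample, []))
```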
