[cabfpub] Subject field of Subordinate CAs
jeremy.rowley at digicert.com
Wed Feb 10 17:41:40 UTC 2016
We certainly do not own Verizon as a corporate entity.
From: Rick Andrews [mailto:Rick_Andrews at symantec.com]
Sent: Wednesday, February 10, 2016 10:33 AM
To: Peter Bowen
Cc: Jeremy Rowley; public at cabforum.org
Subject: RE: [cabfpub] Subject field of Subordinate CAs
No, it's probably just a matter of my ignorance about legal stuff. I'm sure they still exist as legal entities, just not flesh-and-blood people working in brick-and-mortar buildings with that branding. I don't know about Verizon.
From: Peter Bowen [mailto:pzb at amzn.com]
Sent: Wednesday, February 10, 2016 9:30 AM
To: Rick Andrews <Rick_Andrews at symantec.com>
Cc: Jeremy Rowley <jeremy.rowley at digicert.com>; public at cabforum.org
Subject: Re: [cabfpub] Subject field of Subordinate CAs
I’m rather surprised at this, given that www.thawte.com serves an EV certificate identifying Thawte, Inc. as Delaware, US corporation with registration number 3898261.
Similarly, www.geotrust.com serves an EV certificate identifying Geotrust, Inc. as Delaware, US corporation with registration number 3479750.
Are you saying these companies no longer exist?
> On Feb 10, 2016, at 9:22 AM, Rick Andrews <rick_andrews at symantec.com> wrote:
> Peter, GeoTrust and Thawte are no longer separate companies, but we still operate roots with those names. Ditto with Digicert and Verizon. You can grandfather in existing roots, but we've continued to create roots with those names in them.
> -----Original Message-----
> From: Peter Bowen [mailto:pzb at amzn.com]
> Sent: Wednesday, February 10, 2016 6:04 AM
> To: Jeremy Rowley <jeremy.rowley at digicert.com>; public at cabforum.org;
> Rick Andrews <Rick_Andrews at symantec.com>
> Subject: Re: [cabfpub] Subject field of Subordinate CAs
> There is already a clear process (126.96.36.199) for validating DBA / Trade name. My suggestion is to simply require the same thing in the organizationName field of CA certificates that we already require in the organizationName field of other certificates.
> Are there any known examples of CA certificates using a trademark which is not also a company name in the organizationName field?
>> On Feb 9, 2016, at 3:13 PM, Jeremy Rowley <jeremy.rowley at digicert.com> wrote:
>> I'm not in favor of this. Registered trademarks are easily identifiable as associated with a particular entity, especially with the address information included. If you wanted to improve the process, require that the serial number of the registration be included in the cert rather than banning use of the mark. Fictitious, operating, and trading names are not necessarily registered in all jurisdictions.
>> -----Original Message-----
>> From: public-bounces at cabforum.org
>> [mailto:public-bounces at cabforum.org]
>> On Behalf Of Peter Bowen
>> Sent: Tuesday, February 9, 2016 3:08 PM
>> To: Rick Andrews
>> Cc: public at cabforum.org
>> Subject: Re: [cabfpub] Subject field of Subordinate CAs
>> I’m in favor of dropping trademark altogether. I think we should define the name of the CA as being either their company, business, fictitious, operating, trading or equivalent name.
>>> On Feb 9, 2016, at 1:43 PM, Rick Andrews <rick_andrews at symantec.com> wrote:
>>> Thanks, Moudrick. That helps, in that it says "In some countries, you can also get protection even if your trade mark is not registered, as long as it is used. However, you are well advised to register it in order to obtain the best protection."
>>> At the very least, it seems we should consider changing the reference in BR Section 188.8.131.52 h from "trademark" to "registered trademark". One would expect that the CA verifies that a trademark is registered before including it in a Subject DN. Anyone disagree with that?
>>> -----Original Message-----
>>> From: Moudrick M. Dadashov [mailto:md at ssc.lt]
>>> Sent: Wednesday, February 03, 2016 7:43 PM
>>> To: Peter Bowen <pzb at amzn.com>; Rick Andrews
>>> <Rick_Andrews at symantec.com>
>>> Cc: public at cabforum.org
>>> Subject: Re: [cabfpub] Subject field of Subordinate CAs
>>> Some more:
>>> On 2/4/2016 4:04 AM, Peter Bowen wrote:
>>>> Let me give some examples from various jurisdictions.
>>>> Trade name is just one term of many that have roughly equivalent meaning. A few examples:
>>>> Here in the State of Washington in the US, the official term for
>>>> doing business as is "Trade Name".
>>>> In the State of California in the US the term is “fictitious
>>>> business name”.
>>>> BusinessName.aspx) In the State of Maine in the US, there are two
>>>> similar terms “assumed name” and “fictitious name”.
>>>> In Canada, the term is “operating name”.
>>>> ) In Australia, the current term is “business name” but “trading
>>>> was used until 2012.
>>>> ame-and-company-name/) In the UK, it seems the term is also
>>>> “business name”. (https://www.gov.uk/choose-company-name)
>>>> New Zealand handily defines both Trading Name and Trade Mark:
>>>> Interestingly, I was unable to find any jurisdiction where the correct term is “doing business as” name.
>>>> Trade mark is defined, among other places, in the TRIPS agreement, administered by the WTO. (https://www.wto.org/english/tratop_e/trips_e/intel2_e.htm#trademark) I am not aware of any jurisdiction where a trademark registration allows conducting business under that name without also filing a trading/trade/fictitious/assumed/operating name.
>>>> Now, I am not a lawyer, so I may have missed something in my quick searches, but it appears there is a notable difference across the world between Trade Mark and Trading Name.
>>>>> On Feb 3, 2016, at 5:29 PM, Rick Andrews <rick_andrews at symantec.com> wrote:
>>>>> I'm trying to better understand the difference between trademark and tradename. They're treated differently in the BRs, although they're not defined.
>>>>> I asked Ben for a reference, and he gave me these from Black's Law Dictionary:
>>>>> Trade-mark. Generally speaking, a distinctive mark of authenticity, through which the products of particular manufacturers or the vendible commodities of particular merchants may be distinguished from those of others. It may consist in any symbol or in any form of words, but, as its office is to point out distinctively the origin or ownership of the articles to which it is affixed, it follows that no sign or form of words can be appropriated as a valid trade-mark which, from the nature of the fact conveyed by its primary meaning, others may employ with equal truth and with equal right for the same purpose.
>>>>> The term "trade-mark" includes any word, name, symbol, or device or any combination thereof adopted and used by a manufacturer or merchant to identify his goods and distinguish them from those manufactured or sold by others. (Citation from some other document) Exclusive rights to use a trade-mark are granted by the federal government for twenty-eight years.
>>>>> Trade-name. Any designation which (a) is adopted and used by person to denominate goods which he markets, or services which he renders, or business which he conducts, or has come to be so used by others, and (b) through its association with such goods, services or business, has acquired a special significance as the name thereof, and (c) the use of which for the purpose stated in (a) is prohibited neither by legislative enactment nor by otherwise defined public policy.
>>>>> A name used in trade to designate a particular business of certain individuals considered somewhat as an entity, or the place at which a business is located, or of a class of goods, but which is not a technical trade-mark either because not applied or affixed to goods sent into the market or because not capable of exclusive appropriation by anyone as a trade-mark. Trade-names may, or may not, be exclusive. Non-exclusive "trade-names" are names that are publici juris in their primary sense, and which in a secondary sense have come to be understood as indicating the goods or businesses of a particular trader.
>>>>> Those definitions seem to imply that a Trade-mark is harder to get, because some jurisdiction must grant exclusive right to it, whereas a Trade-name is just something that the entity adopts.
>>>>> But 184.108.40.206 in the BRs seems to treat Tradename as more authoritative, equating it to DBA. And that section doesn't allow trademarks, only tradenames. Doesn't a DBA have to be registered in some jurisdiction so that two entities don't use the same DBA? And are these definitions too US-centric? Forgetting my original topic for a moment (Subject field of Subordinate CAs) does anyone else feel that the current BRs use Tradename where they should be using Trademark?
>>>>> -----Original Message-----
>>>>> From: Peter Bowen [mailto:pzb at amzn.com]
>>>>> Sent: Friday, January 15, 2016 4:03 PM
>>>>> To: Rick Andrews <Rick_Andrews at symantec.com>
>>>>> Cc: public at cabforum.org
>>>>> Subject: Re: [cabfpub] Subject field of Subordinate CAs
>>>>>> On Jan 15, 2016, at 3:38 PM, Rick Andrews <rick_andrews at symantec.com> wrote:
>>>>>> We think that the language in BR Section 220.127.116.11 h, which applies to the Subject field of Subordinate CA certificates, is vague and potentially misleading. It currently says:
>>>>>> The Certificate Subject MUST contain the following:
>>>>>> - countryName (OID 18.104.22.168). This field MUST contain the two-letter ISO 3166‐1 country code for the country in which the CA’s place of business is located.
>>>>>> - organizationName (OID 22.214.171.124). This field MUST contain the name (or abbreviation thereof), trademark, or other meaningful identifier for the CA, provided that they accurately identify the CA.
>>>>>> The field MUST NOT contain exclusively a generic designation such as “CA1”.
>>>>>> The words “meaningful”, “accurately identify” and “generic” are subjective, and we think that allowing the use of a trademark further leads to confusion.
>>>>>> We were recently approached by a customer who wanted a Subordinate CA certificate that contained one of their trademarks. Even though we were able to verify that they owned the trademark in their country, we felt it was generic and violated the spirit of 126.96.36.199.
>>>>>> To clarify this section, we’re thinking of proposing a ballot to remove the word “trademark”, and require that the organizationName be vetted in accordance with Section 3.2.2.
>>>>> I think this is reasonable as long as the name can be that of a Parent Company, Subsidiary Company, or Affiliate in addition to the direct customer (e.g, same as 188.8.131.52).
>>>>>> However, we see that 184.108.40.206 allows a DBA or Tradename to be used. We may also want to consider removing that from the BRs.
>>>>> DBA and Tradename are very different from trademarks. I think it would be a huge disservice to remove these as it would mean many common shops would not be able to use their name, both companies big and small. If owner runs it as a sole proprietorship, they should be able to use their commonly known store name (registered with the state) rather than their personal name.
>>>>>> By way of example, suppose a company gets a trademark for the term “Certification Authority” in their country, is that permissible to put in the Subject Organizational Name of an end-entity or Subordinate CA certificate?
>>>>> Today they would not be allowed to put that in an end-entity certificate unless it was also registered as a tradename or DBA with their secretary of corporations or equivalent. I agree subjective rules are non-desirable, but I don’t have a strong preference on whether a CA-certificate should be allowed to have O=Certification Authority in the case you mention.
>>>> Public mailing list
>>>> Public at cabforum.org
>> Public mailing list
>> Public at cabforum.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4964 bytes
Desc: not available
More information about the Public