[cabfpub] Subject field of Subordinate CAs

Rick Andrews Rick_Andrews at symantec.com
Fri Jan 15 23:38:47 UTC 2016

We think that the language in BR Section h, which applies to the Subject field of Subordinate CA certificates, is vague and potentially misleading. It currently says:

The Certificate Subject MUST contain the following:
-          countryName (OID This field MUST contain the two-letter ISO 3166‐1 country code for the country in which the CA’s place of business is located.
-          organizationName (OID This field MUST contain the name (or abbreviation thereof), trademark, or other meaningful identifier for the CA, provided that they accurately identify the CA.
The field MUST NOT contain exclusively a generic designation such as “CA1”.

The words “meaningful”, “accurately identify” and “generic” are subjective, and we think that allowing the use of a trademark further leads to confusion.

We were recently approached by a customer who wanted a Subordinate CA certificate that contained one of their trademarks. Even though we were able to verify that they owned the trademark in their country, we felt it was generic and violated the spirit of

To clarify this section, we’re thinking of proposing a ballot to remove the word “trademark”, and require that the organizationName be vetted in accordance with Section 3.2.2. However, we see that allows a DBA or Tradename to be used. We may also want to consider removing that from the BRs.

By way of example, suppose a company gets a trademark for the term “Certification Authority” in their country, is that permissible to put in the Subject Organizational Name of an end-entity or Subordinate CA certificate?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5749 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160115/f378fafc/attachment.p7s>

More information about the Public mailing list