[cabfpub] Acceptable values for countryName

Robin Alden robin at comodo.com
Thu Jul 28 22:19:46 UTC 2016


Hi Peter, Erwann,
	ISO-3166 includes an indication as to whether the countries are 'independent'.

(from ISO-3166-1)
"4.5
Independent countries
Independent countries are indicated in a specific column in the lists of this part of ISO 3166. For the purpose of this part of ISO 3166, the member states of United Nations and the Holy See are regarded as independent."

I say this in no way to disagree with Erwann's and your analysis of which ISO-3166-1 codes are countries and which are not, but to point out that the great majority of the list of 200 independent countries may be identified from ISO-3166 in this way.  The additions (on the basis of being recognized by at least two UN member nations) still need adding in as you suggest.


On the Policy Review Working Group conference call today we discussed the issue of whether the countryName subject element of an end entity certificate should be restricted to only those ISO-3166-1 Alpha-2 codes which represented Independent countries (plus 'XX') or whether any one of the ISO-3166-1 Alpha-2 codes (plus 'XX') would be appropriate to appear in countryName.
1) It was apparent to us that the BRs are not currently definitive on the topic.
2) There appeared to be a consensus of opinion among those on today's call that it was not obviously inappropriate to use *any* of the ISO-3166-1 Alpha-2 codes (plus 'XX') and that, subject to wider discussion, we should consider proposing an amendment to the BRs to make it clear that any ISO3166-1 Alpha-2 code (plus 'XX') would be valid as the content of the countryName element of the subject of an end entity certificate.

Regards
Robin

> -----Original Message-----
> From: public-bounces at cabforum.org [mailto:public-
> bounces at cabforum.org] On Behalf Of Peter Bowen
> Sent: 25 July 2016 04:58
> To: Erwann Abalea <Erwann.Abalea at docusign.com>; CABFPub
> <public at cabforum.org>
> Subject: [cabfpub] Acceptable values for countryName
> 
> I want to follow up on something Erwann said in a rather long thread.
> 	
> > On Jul 15, 2016, at 11:25 AM, Erwann Abalea
> <Erwann.Abalea at docusign.com> wrote:
> >
> > That’s in fact a list of ISO3166-1 codes. Not all of them are actual country
> codes (ISO3166-1 lists country and territories) and are suitable for use in
> DV/OV/EV certificates (see the definition of an acceptable country code in
> the BR).
> 
> > Among them:
> > 	• GF, GP, MQ, YT, RE are regions and departments of France (C=FR,
> and you can put their name into the stateOrProvinceName attribute), and
> they are even composed of cities (we have 6 administrative subdivision
> levels in France, with more than 36000 cities, we’re crazy)
> > 	• BV and SJ belong to Norway (C=NO), you can certainly put their
> name into the stateOrProvinceName attribute
> > 	• FK, GI, GS, PN, VG are British Overseas Territories (some are
> disputed either by Argentina or Spain, but still, C=UK)
> > 	• CX and NF are Australian territories (C=AU)
> > 	• FO is a constituent country of Denmark (C=DK), exactly like
> Scotland wrt UK
> > 	• GU is a non incorporated territory of the United States of America
> (C=US), just like Porto Rico
> > 	• GG, IM, JE are Crown dependancies, can possibly be considered as
> countries (C=GG/IM/JE), but anyway have administrative subdivisions
> 
> The Baseline Requirements have a definition of “Country": "Either a member
> of the United Nations OR a geographic region recognized as a sovereign
> nation by at least two UN member nations.”  According to the UN, there are
> 193 member states (http://www.un.org/en/member-states/). There are
> two non-member states which have permanent observer status — the Holy
> See and the State of Palestine (http://www.un.org/en/sections/member-
> states/non-member-states/).  These are assigned ISO 3166-1 alpha-2 codes
> of VA and PS respectively.  Based on Wikipedia
> (https://en.wikipedia.org/wiki/List_of_states_with_limited_recognition#No
> n-UN_member_states_recognised_by_at_least_one_UN_member_state),
> with all caveats that brings, there are five additional non-UN member states
> recognized by at least two UN member states — the Republic of Abkhazia,
> the Republic of China, the Republic of Kosovo, the Sahrawi Arab Democratic
> Republic, and the Republic of South Ossetia.  This appears to mean 200 states
> meet the definition of Country in the BRs.
> 
> However, section 7.1.4.2.2(g) of the BRs says:
> 
> "If the subject:organizationName field is present, the subject:countryName
> MUST contain the two-letter ISO 3166-1 country code associated with the
> location of the Subject verified under Section 3.2.2.1. If the
> subject:organizationName field is absent, the subject:countryName field
> MAY contain the two-letter ISO 3166-1 country code associated with the
> Subject as verified in accordance with Section 3.2.2.3. If a Country is not
> represented by an official ISO 3166-1 country code, the CA MAY specify the
> ISO 3166-1 user-assigned code of XX indicating that an official ISO 3166-1
> alpha-2 code has not been assigned.”
> 
> In reading this, I’m not clear whether it is valid to use all 249 assigned ISO
> 3166-1 alpha-2 codes in the countryName attribute or just the ones that
> correspond to an entity meeting the BR definition of Country.  This ambiguity
> is because the term “Country” (capitalized) is only used in the last sentence,
> while earlier uses say the field may contain a “ISO 3166-1 country code”.
> 
> Is it valid to include BM, YT, BV, or CX the countryName attribute?
> 
> Thanks,
> Peter
> 
> 
> 
> 
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5152 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160728/daf29014/attachment-0001.p7s>


More information about the Public mailing list