[cabfpub] EV Guidelines section 9.2.5 & X.520

陳立群 realsky at cht.com.tw
Wed Jun 29 15:08:00 UTC 2016


 

In X.520 (the attached file) or RFC 5280 (https://tools.ietf.org/html/rfc5280), there are no jurisdictionLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1), jurisdictionStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2), or jurisdictionCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3) attributes. You can use the search function to search the attached PDF file.

 

These three OIDs are registered by Microsoft. Please see http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.60.2.1.1.html, http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.60.2.1.2.html and http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.60.2.1.3.html 

 

   Peter referenced EV GL 9.2.5 such as 

Naming attributes of type X520LocalityName

 

id-at-localityName      AttributeType ::= { id-at 7 }

 

     that id is 2.5.4.  

 

But Country Name (2.5.4.6), State or Province Name (2.5.4.8) and Locality Name (2.5.4.7) do appear in X.520.

    

Li-Chun CHEN

    


 

 

-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen
Sent: Friday, June 17, 2016 4:52 AM
To: CABFPub
Subject: [cabfpub] EV Guidelines section 9.2.5 & X.520

 

On today’s validation working group call, there was a question about how X.520 related to the attributes defined in section 9.2.5 of the EV Guidelines.

 

This section says:

 

"Locality (if required):

subject:jurisdictionLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1) 

ASN.1 - X520LocalityName as specified in RFC 5280

 

State or province (if required):

subject:jurisdictionStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2)

ASN.1 - X520StateOrProvinceName as specified in RFC 5280 

 

Country:

subject:jurisdictionCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3) 

ASN.1 – X520countryName as specified in RFC 5280"

 

The ASN.1 definitions all reference RFC 5280 and are defined in Appendix A.  They are copied at the end of this email.  RFC 5280 also says "The DirectoryString type is defined as a choice of PrintableString, TeletexString, BMPString, UTF8String, and UniversalString.  CAs conforming to this profile MUST use either the PrintableString or UTF8String encoding of DirectoryString"

 

Taken together, this means:

 

jurisdictionCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3) must be a PrintableString with two characters which together are an “alpha 2” code defined in ISO 3166 Part 1.

jurisdictionStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2), if included, should be either a PrintableString or UTF8String and must contain at least 1 and not more than 128 characters.

jurisdictionLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1), if included, should be either a PrintableString or UTF8String and must contain at least 1 and not more than 128 characters.

 

The appropriate values for these attributes, and when one needs to include the latter two, are defined in section 9.2.5 as well.

 

Does this help clarify how these attributes work?

 

Thanks,

Peter

 

 

 

 

-- Naming attributes of type X520LocalityName

id-at-localityName      AttributeType ::= { id-at 7 }

-- Naming attributes of type X520LocalityName:
--   X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name))
--
-- Expanded to avoid parameterized type:
X520LocalityName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-locality-name)),
      printableString   PrintableString (SIZE (1..ub-locality-name)),
      universalString   UniversalString (SIZE (1..ub-locality-name)),
      utf8String        UTF8String      (SIZE (1..ub-locality-name)),
      bmpString         BMPString       (SIZE (1..ub-locality-name)) }

-- Naming attributes of type X520StateOrProvinceName

id-at-stateOrProvinceName AttributeType ::= { id-at 8 }

-- Naming attributes of type X520StateOrProvinceName:
--   X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name))
--
-- Expanded to avoid parameterized type:
X520StateOrProvinceName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-state-name)),
      printableString   PrintableString (SIZE (1..ub-state-name)),
      universalString   UniversalString (SIZE (1..ub-state-name)),
      utf8String        UTF8String      (SIZE (1..ub-state-name)),
      bmpString         BMPString       (SIZE (1..ub-state-name)) }

-- Naming attributes of type X520countryName (digraph from IS 3166)

id-at-countryName       AttributeType ::= { id-at 6 }

X520countryName ::=     PrintableString (SIZE (2))

-- Upper Bounds

ub-locality-name INTEGER ::= 128
ub-state-name INTEGER ::= 128

 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: T-REC-X.520-201210-I!!PDF-E.pdf
Type: application/pdf
Size: 740492 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160629/7e8eaa1a/attachment-0003.pdf>
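
The encoding constraints summarised in the thread (PrintableString of exactly two characters for jurisdictionCountryName; PrintableString or UTF8String of 1 to 128 characters for the other two) can be checked directly on the DER bytes of a subject attribute. The following is an added example, not part of either email: the function names and the sample bytes are constructed, and the country check only tests for two upper-case letters, not membership in ISO 3166-1.

```python
PRINTABLE, UTF8 = 0x13, 0x0C  # DER tags for PrintableString / UTF8String
RULES = {  # OID -> (name, permitted string tags, min chars, max chars)
    "1.3.6.1.4.1.311.60.2.1.1": ("jurisdictionLocalityName", {PRINTABLE, UTF8}, 1, 128),
    "1.3.6.1.4.1.311.60.2.1.2": ("jurisdictionStateOrProvinceName", {PRINTABLE, UTF8}, 1, 128),
    "1.3.6.1.4.1.311.60.2.1.3": ("jurisdictionCountryName", {PRINTABLE}, 2, 2),
}
# Constructed sample inputs (added example, not taken from the thread):
SAMPLE_OK = bytes.fromhex("3011060b2b0601040182373c02010313025457")  # PrintableString "TW"
SAMPLE_BAD = bytes.fromhex("3015060b2b0601040182373c0201030c0654616977616e")  # UTF8String "Taiwan"

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for one definite-length DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content octets into dotted-decimal form."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:  # high bit clear marks the last octet of an arc
            arcs, value = arcs + [value], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def check_attribute(der):
    """Return a list of problems for one AttributeTypeAndValue; [] means OK."""
    tag, seq, _ = read_tlv(der)
    oid_tag, oid_body, pos = read_tlv(seq)
    str_tag, raw, _ = read_tlv(seq, pos)
    if tag != 0x30 or oid_tag != 0x06:
        return ["not a SEQUENCE { OID, value }"]
    rule = RULES.get(decode_oid(oid_body))
    if rule is None:
        return []  # not one of the three attributes discussed in the thread
    name, tags, lo, hi = rule
    problems = []
    if str_tag not in tags:
        problems.append(f"{name}: string tag 0x{str_tag:02x} not permitted")
    text = raw.decode("utf-8", "replace")
    if not lo <= len(text) <= hi:  # SIZE counts characters, not octets
        problems.append(f"{name}: {len(text)} characters, expected {lo}..{hi}")
    if hi == 2 and not (text.isascii() and text.isalpha() and text.isupper()):
        problems.append(f"{name}: not two upper-case letters")
    return problems
```

`check_attribute(SAMPLE_OK)` returns an empty list, while `check_attribute(SAMPLE_BAD)` reports the wrong string type, the wrong length and the non-digraph value.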

