[cabfpub] FW: ambiguity implementing permanentIdentifier

Dean Coclin Dean_Coclin at symantec.com
Fri May 6 19:41:26 UTC 2016 

Forwarding to the public list for greater reach and commentary.

 

From: codesigning-bounces at cabforum.org
[mailto:codesigning-bounces at cabforum.org] On Behalf Of Koichi Sugimoto
Sent: Friday, May 06, 2016 5:59 AM
To: codesigning at cabforum.org
Subject: [cabfc_s] ambiguity implementing permanentIdentifier

 

Hello,

 

While I analyzing SubjectAltName:permanentIdentifier specified in section
9.7 of EV-Code-Signing-v.1.3.pdf,
I found an ambiguity of generating "STATE".

9.7 (B) 2) says:

If applicable, the state, province, or locality of the Subject's
Jurisdiction of Incorporation in

uppercase characters as specified in the
subjectjurisdictionOfIncorporationLocalityName or

subject:jurisdictionofIncorporationStateorProvinceName field, expressed in
an unabbreviated

format (STATE);

 

Let JST be subjectjurisdictionOfIncorporationLocalityName and JL be
subject:jurisdictionofIncorporationStateorProvinceName.

In such case, following all patterns are acceptable?

 

a)     STATE=ST

b)    STATE=JL-ST

c)     STATE=JL

 

I also have a problem of implementing JST and JL.

Section 9.2.5 of EV-V1_5_9.pdf specifies how to implement JST, JL and JC (JC
means subject:jurisdictionCountryName).

The specification says:

For example, the Jurisdiction of Incorporation for an Incorporating Agency
or

Jurisdiction of Registration for a Registration Agency that operates at the
country level MUST include the country

information but MUST NOT include the state or province or locality
information. Similarly, the jurisdiction for

the applicable Incorporating Agency or Registration Agency at the state or
province level MUST include both

country and state or province information, but MUST NOT include locality
information. And, the jurisdiction for

the applicable Incorporating Agency or Registration Agency at the locality
level MUST include the country and

state or province information, where the state or province regulates the
registration of the entities at the locality

level, as well as the locality information.

 

I understand this definition as:

 

If COUNTRY LEVEL

JC = xx

ELSE IF ST/P LEVEL

JC = xx, JST = yy

ELSE (=IF LOCALITY LEVEL) {

IF "state or province regulates the registration of the entities at the
locality level"

JC = xx, JST = yy, JL = zz

ELSE (=IF "state or province does not regulate the registration of the
entities at the locality level")

JC = xx, JL = zz

}

 

I am very interested in the yellow colored parts.

 

If both are acceptable, it's OK.

But, if "c) STATE=JL" is not acceptable, then, how should we cope with the
case of "JC=xx, JL=zz"?

And also if "JC=xx, JL=zz" is not acceptable, how should we cope with the
case of "c) STATE=JL"?

 

 

Regards,

Koichi Sugimoto.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160506/12612492/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20160506/12612492/attachment.p7s>

More information about the Public mailing list