[cabfpub] Ballot 175 - Addition of givenName and surname

陳立群 realsky at cht.com.tw
Wed Sep 7 07:36:21 UTC 2016


Hi, Jeremy,



     The ballot inserts a new (C) under 7.1.4.2.2, renumbering all
subsequent bullets, but you forgot to amend Section 7.1.4.2.2(g) to Section
7.1.4.2.2(h) in the “contents” of the new 7.1.4.2.(e) and the new 7.1.4.2(f).



     That is,  these sentences should be



e. Certificate Field: subject:localityName (OID: 2.5.4.7)

Required if the subject:organizationName field, subject:givenName field, or
subject:surname field are is present and the subject:stateOrProvinceName
field is absent.

Optional if the subject:stateOrProvinceName field and the
subject:organizationName field, subject:givenName field, or subject:surname
field are present.

Prohibited if the subject:organizationName field, subject:givenName, and
subject:surname field are is absent.

Contents: If present, the subject:localityName field MUST contain the
Subject’s locality information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1 user‐assigned code of
XX in accordance with Section 7.1.4.2.2(g)(h), the localityName field MAY
contain the Subject’s locality and/or state or province information as
verified under Section 3.2.2.1.

f. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)

Required if the subject:organizationName field field, subject:givenName
field, or subject:surname field are is present and the subject:localityName
field is absent.

Optional if the subject:localityName field and the subject:organizationName
field, the subject:givenName field, or subject:surname field are present.

Prohibited if the subject:organizationName field, subject:givenName field ,
or subject:surname field are is absent.

Contents: If present, the subject:stateOrProvinceName field MUST contain the
Subject’s state or province information as verified under Section 3.2.2.1.
If the subject:countryName field specifies the ISO 3166‐1 user‐assigned
code of XX in accordance with Section 7.1.4.2.2(g)(h), the
subject:stateOrProvinceName field MAY contain the full name of the Subject’s
country information as verified under Section 3.2.2.1.





Sincerely Yours,



                    Li-Chun CHEN

                    Deputy Senior Engineer

                    CISSP, CISA, CISM, PMP,

                    Information & Communication Security Dept.

                    Data Communication Business Group

                    Chunghwa Telecom Co. Ltd.

                    realsky at cht.com.tw

                    +886-2-2344-4820#4025







From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Jeremy Rowley

Sent: Wednesday, August 24, 2016 11:19 AM

To: public at cabforum.org

Subject: [cabfpub] Ballot 175 - Addition of givenName and surname



Ballot 175 - Addition of givenName/surname

The following motion has been proposed by Jeremy Rowley of DigiCert and
endorsed by Richard Wang of WoSign and Eddy Nigg of StartCom:

Background:

The CAB Forum Baseline Requirements theoretically permit use of givenName
and surname under Section 7.1.4.2.2. However, the actual language of Section
7.1.4.2.2 ends up prohibiting use of these fields. This ballot permits use
of givenName and surname to identify individuals validated under Section
3.2.5.

--Motion Begins--

Insert a new (C) under 7.1.4.2.2, renumbering all subsequent bullets.

c. Certificate Field: subject:givenName (2.5.4.42) and subject:surname (2.5.4.4)

*        Optional.

Contents: If present, the subject:givenName field and subject:surname field
MUST contain an natural person Subject’s name as verified under Section
3.2.3. A Certificate containing a subject:givenName field or subject:surname
field MUST contain the (2.23.140.1.2.3) Certificate Policy OID.

d. Certificate Field: Number and street: subject:streetAddress (OID:
2.5.4.9)

*        Optional if the subject:organizationName field, subject: givenName
field, or subject:surname field are is present. Prohibited if the
subject:organizationName field, subject:givenName, and subject:surname field
are is absent.

* Contents: If present, the subject:streetAddress field MUST contain the
Subject’s street address information as verified under Section 3.2.2.1.

e. Certificate Field: subject:localityName (OID: 2.5.4.7)

Required if the subject:organizationName field, subject:givenName field, or
subject:surname field are is present and the subject:stateOrProvinceName
field is absent. Optional if the subject:stateOrProvinceName field and the
subject:organizationName field, subject:givenName field, or subject:surname
field are present. Prohibited if the subject:organizationName field,
subject:givenName, and subject:surname field are is absent.

Contents: If present, the subject:localityName field MUST contain the
Subject’s locality information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1 user‐assigned code of
XX in accordance with Section 7.1.4.2.2(g), the localityName field MAY
contain the Subject’s locality and/or state or province information as
verified under Section 3.2.2.1.

f. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)

Required if the subject:organizationName field field, subject:givenName
field, or subject:surname field are is present and the subject:localityName
field is absent. Optional if the subject:localityName field and the
subject:organizationName field, the subject:givenName field, or subject:surname
field are present. Prohibited if the subject:organizationName field,
subject:givenName field , or subject:surname field are is absent.

Contents: If present, the subject:stateOrProvinceName field MUST contain the
Subject’s state or province information as verified under Section 3.2.2.1.
If the subject:countryName field specifies the ISO 3166‐1 user‐assigned
code of XX in accordance with Section 7.1.4.2.2(g), the
subject:stateOrProvinceName field MAY contain the full name of the Subject’s
country information as verified under Section 3.2.2.1.

g. Certificate Field: subject:postalCode (OID: 2.5.4.17)

Optional if the subject:organizationName, subject:givenName field, or
subject:surname fields are is present. Prohibited if the
subject:organizationName field, subject:givenName field, or subject:surname
field are is absent.

Contents: If present, the subject:postalCode field MUST contain the
Subject’s zip or postal information as verified under Section 3.2.2.1.

h. Certificate Field: subject:countryName (OID: 2.5.4.6)

Required if the subject:organizationName field, subject:givenName, or
subject:surname field are is present. Optional if the
subject:organizationName field, subject:givenName field, and subject:surname
field are is absent.

Contents: If the subject:organizationName field is present, the
subject:countryName MUST contain the two‐letter ISO 3166‐1 country code
associated with the location of the Subject verified under Section 3.2.2.1.
If the subject:organizationName, subject:givenName field, and
subject:surname field are is absent, the subject:countryName field MAY
contain the two‐letter ISO 3166‐1 country code associated with the Subject
as verified in accordance with Section 3.2.2.3. If a Country is not
represented by an official ISO 3166‐1 country code, the CA MAY specify the
ISO 3166‐1 user‐assigned code of XX indicating that an official ISO 3166‐1
alpha‐2 code has not been assigned.

i. Certificate Field: subject:organizationalUnitName

Optional.

Contents: The CA SHALL implement a process that prevents an OU attribute
from including a name, DBA, tradename, trademark, address, location, or
other text that refers to a specific natural person or Legal Entity unless
the CA has verified this information in accordance with Section 3.2 and the
Certificate also contains subject:organizationName, subject:givenName,
subject:surname, subject:localityName, and subject:countryName attributes,
also verified in accordance with Section 3.2.2.1.

7.1.6.1

…

If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it
MUST NOT include organizationName, givenName, surname, streetAddress,
localityName, stateOrProvinceName, or postalCode in the Subject field.

…

--Motion Ends--

The review period for this ballot shall commence at 2200 UTC on 24 August
2016, and will close at 2200 UTC on 31 August 2016. Unless the motion is
withdrawn during the review period, the voting period will start immediately
thereafter and will close at 2200 UTC on 7 September 2016. Votes must be
cast by posting an on-list reply to this thread.

A vote in favor of the motion must indicate a clear 'yes' in the response. A
vote against must indicate a clear 'no' in the response. A vote to abstain
must indicate a clear 'abstain' in the response. Unclear responses will not
be counted. The latest vote received from any representative of a voting
member before the close of the voting period will be counted. Voting members
are listed here: https://cabforum.org/members/

In order for the motion to be adopted, two thirds or more of the votes cast
by members in the CA category and greater than 50% of the votes cast by
members in the browser category must be in favor. Quorum is currently ten
(10) members- at least ten members must participate in the ballot, either by
voting in favor, voting against, or abstaining.
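
Added example, not part of the original message or of the ballot text: a small Python check of a certificate Subject against the presence rules in the motion above. It assumes that "identity field" means any of organizationName, givenName or surname, and that the "Prohibited if ... absent" clauses apply when none of the three is present; the function name, constant names and sample subjects are constructed for illustration.

```python
# Added example: lint a certificate Subject against the Ballot 175 wording.
# Assumption: the "Prohibited if ... absent" clauses mean "none of
# organizationName, givenName, surname is present".
IDENTITY = {"organizationName", "givenName", "surname"}
ADDRESS = {"streetAddress", "localityName", "stateOrProvinceName", "postalCode"}
OID_DV = "2.23.140.1.2.1"   # policy OID quoted in 7.1.6.1 of the motion
OID_IV = "2.23.140.1.2.3"   # policy OID required with givenName/surname, new (c)

def lint_subject(subject, policy_oids):
    """Return a sorted list of findings for a subject dict {attr: value}."""
    present = {k for k, v in subject.items() if v}
    policies = set(policy_oids)
    has_identity = bool(present & IDENTITY)
    findings = []

    # (c) givenName/surname MUST come with the 2.23.140.1.2.3 policy OID.
    if present & {"givenName", "surname"} and OID_IV not in policies:
        findings.append("givenName/surname without policy " + OID_IV)

    if has_identity:
        # (e)/(f) one of localityName / stateOrProvinceName must be present.
        if not present & {"localityName", "stateOrProvinceName"}:
            findings.append("localityName or stateOrProvinceName required")
        # (h) countryName is required.
        if "countryName" not in present:
            findings.append("countryName required")
    else:
        # (d)-(g) address attributes are prohibited without an identity field.
        for attr in sorted(present & ADDRESS):
            findings.append(attr + " prohibited without identity field")

    # 7.1.6.1: policy 2.23.140.1.2.1 MUST NOT carry identity or address fields.
    if OID_DV in policies:
        for attr in sorted(present & (IDENTITY | ADDRESS)):
            findings.append(attr + " not allowed with policy " + OID_DV)
    return sorted(findings)

# Constructed sample subjects (not taken from the ballot).
SAMPLES = {
    "individual_ok": ({"givenName": "Ada", "surname": "Example",
                       "localityName": "Taipei", "countryName": "TW"}, [OID_IV]),
    "missing_policy": ({"givenName": "Ada", "surname": "Example",
                        "stateOrProvinceName": "Taiwan", "countryName": "TW"}, []),
    "dv_with_address": ({"commonName": "example.test",
                         "localityName": "Taipei"}, [OID_DV]),
}
if __name__ == "__main__":
    for name, (subject, oids) in SAMPLES.items():
        print(name, lint_subject(subject, oids))
```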




