[cabfpub] C=GR, C=UK exceptions in BRs

Dimitris Zacharopoulos jimmy at it.auth.gr
Mon Mar 20 01:03:18 MST 2017


On 18/3/2017 8:02 πμ, Ryan Sleevi wrote:
>
>
> On Sat, Mar 18, 2017 at 1:08 AM, Dimitris Zacharopoulos via Public 
> <public at cabforum.org <mailto:public at cabforum.org>> wrote:
>
>     The same might apply to Government agencies in the UK. Kirk, thank
>     you for the support. If members have no strong objections about
>     these two exceptions, we might introduce them in a future ballot.
>
>
> To be clear: I think we'd strongly object for the reasons given 
> ("because they want to"), and for the issues previously highlighted.
>
> I support further discussion of this, and in particular, if there are 
> any better reasons that can be articulated, as the current one is not 
> sufficient relative to the trade-offs and problems it introduces. I 
> welcome further information that you might be able to share about this.

Let me try to provide some reasons in favor of allowing these two 
exceptions.

 1. For reasons unrelated to the CA/B Forum (political or whatever
    non-technical reasons), two EU Countries have been using different
    two-letter Country Identifiers in addition to the ones listed in
    ISO3166-1. These exceptions have been well-defined in legal EU
    documents, like the 1505/2015
    <http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015D1505>
    implementing decision. Since these exceptions are used
    Internationally, are well-defined and globally recognized, it makes
    sense to allow them to be used in the webPKI as well.
 2. Introducing these well-defined exceptions pose no security threat
    because these identifiers are already known for so long. AFAIU, by
    adding these two exceptions, no significant problems have been
    identified so far in the discussion. Please note that I am not
    suggesting "replacing C=GR with C=EL and C=GB with C=UK" but
    allowing all of them to be acceptable.
 3. There may be legal reasons for some official government agencies to
    be represented by using C=EL or C=UK in the subject field. Should
    the Forum prevent that? Should the Forum question these reasons?

I don't know if the Greek government has contacted ISO3166 in order to 
add some text that makes an "exceptional reservation" notice for "EL" 
but would this change anything? I mean "UK" is already marked as 
"exceptionally reserved" but it's still not allowed in the current BRs.

I am not sure what more would you expect for this conflict to be 
resolved. The Forum has been notified about this conflict and should 
decide (according to the last paragraph of 9.16.3) whether to consider 
possible revisions or dismiss this issue.

BTW, I tried to find the latest official version of ISO3166-1 but it is 
not free, so if anyone has it and can provide any possible references to 
C=EL, I'd be happy to hear.


Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170320/0e261b62/attachment.html>


More information about the Public mailing list