[cabfpub] C=GR, C=UK exceptions in BRs

philliph at comodo.com philliph at comodo.com
Sun Mar 19 17:37:28 UTC 2017 

I am finding this conversation rather difficult to follow. To say ‘here be dragons’ is more than an understatement.

Certificates in the WebPKI were designed to do two things:

1) Provide a binding of keys to the identifiers used by Internet protocols

2) Establish accountability by binding keys to identifiers of the subject in a form that enables legal consequences in a particular jurisdiction.

The reason we end up in international diplomacy is that the second requirement entails establishing the identity of a subject in terms the jurisdiction recognizes. And that in turn gets us into the real problem of territorial claims.

To respond to a much earlier point raised that ‘ISO probably had a good reason for picking GB over UK’, no it did not. I am a Citizen of the United Kingdom of Great Britain and Northern Ireland. I am not a GB citizen, no such citizenship exists. ISO had a political reason. 

This issue came up in the DNS The only reason country codes exist is that the UK JANET system used the address form uk.ac.ox.np. Gating JANET to the Internet was one of the things that turned the Internet from a local network into an international one. But it created the precedent for country codes which is where the ISO country code issue came from. And yes, they did know at the time that the ISO code for the UK is GB.

This is really not a forum I care to enter into extended discussions on an issue which has led to two assassination attempts against one of my cousins (both failed). Suffice it to say that it is a really bad idea for ISO, still less this forum to start deciding to tell countries what they are allowed to call themselves. And given the politics in the UK right now, anyone who thinks their corporate counsel or CEO are going to thank them for putting their trans-national company in a position where it is forced to take sides is probably making a career limiting move.


The WebPKI is complicated because it is the interface between the Internet and the real world and the real world is very complicated.

The status quo for 20 years has been that UK is used in WebPKI Certificate Subject Names. That was not an accident or a mistake. I knew full well that the ISO country code was GB because I had discussed it with Postel and with the people from the ‘UK Cabinet Office’ who came round to impress upon me that HMG was very insistent on this particular point.

More information about the Public mailing list