[cabfpub] [cabfquest] BR 7.1.4.2.2.j Other Subject Attributes
Geoff Keating
geoffk at apple.com
Wed Feb 20 22:26:41 UTC 2019
My response would be that the OU could be a single hyphen minus, but this does not mean ‘absent’ or ’none provided’, it means the organization unit’s name is ‘-’. (Perhaps other units are called ‘•’, ‘▷’, and ‘◆’.)
It’s definitely the case that 7.1.4.2.2j does not apply to 7.1.4.2.2i, this was intentional because we did not want to require CAs to verify the names of organization units.
> On Feb 19, 2019, at 6:30 PM, sts07065692175 at ezweb.ne.jp wrote:
>
> Thank you for your confirmation.
>
> Is it possible that the value of OU of subject distinguished
> name in a BR subscriber certificate is a single hyphen minus,
> provided that the value satisfies conditions of 7.1.4.2.2.i?
> --
> iida
>
>> Hello,
>>
>> Thank you for contacting the CA/B Forum. You are correct. 7.1.4.2.2.j
>> applies to Subject attributes other than those listed in .a through .i, and
>> the Baseline Requirements permit CAs to include Subject attributes that are
>> not defined in 7.1.4.2.2 (Note that different rules apply to EV).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3395 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/public/attachments/20190220/8d3b2a86/attachment.p7s>
More information about the Public
mailing list