[cabfpub] [cabfquest] BR Other Subject Attributes

Wayne Thayer wthayer at mozilla.com
Thu Feb 21 01:52:00 UTC 2019

On Wed, Feb 20, 2019 at 3:26 PM Geoff Keating via Public <
public at cabforum.org> wrote:

> My response would be that the OU could be a single hyphen minus, but this
> does not mean ‘absent’ or ’none provided’, it means the organization unit’s
> name is ‘-’.  (Perhaps other units are called ‘•’, ‘▷’, and ‘◆’.)
> It’s definitely the case that does not apply to,
> this was intentional because we did not want to require CAs to verify the
> names of organization units.
> I agree with you but I also think this contradicts a lot of the
discussions that have happened over the past few years, such as the one
Dean referenced.

I also agree with Jeremy's statement that this is "the semi-official
interpretation of the requirement based on unofficial discussion", but from
a practical perspective, this has been treated as misissuance [1][2], so I
think the conservative reponse I provided to Dean is appropriate.

This issue is related to the ambiguity in EVGL section 9.2.8, and if no one
beats me to it, I will propose a ballot to clarify both of these sections.

- Wayne

[1] https://misissued.com/batch/5/

> > On Feb 19, 2019, at 6:30 PM, sts07065692175 at ezweb.ne.jp wrote:
> >
> > Thank you for your confirmation.
> >
> > Is it possible that the value of OU of subject distinguished
> > name in a BR subscriber certificate is a single hyphen minus,
> > provided that the value satisfies conditions of
> > --
> >  iida
> >
> >> Hello,
> >>
> >> Thank you for contacting the CA/B Forum. You are correct.
> >> applies to Subject attributes other than those listed in .a through .i,
> and
> >> the Baseline Requirements permit CAs to include Subject attributes that
> are
> >> not defined in (Note that different rules apply to EV).
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20190220/bcbafff2/attachment-0003.html>

More information about the Public mailing list