[cabfpub] Possible future amendments to SC17

Kirk Hall Kirk.Hall at entrustdatacard.com
Thu May 30 16:27:01 UTC 2019


Having just finished with Ballot SC17, I doubt we want to start a round of amendments - but I suggest we create a bucket of issues to be addressed in a future update ballot.

Our vetting team has found two issues relating to the NTR organizationIdentifier:

When the ballot describes the special case of possible subdivision codes for the NTR Registration Scheme identifier it references 'a two character ISO 3166-2 identifier...'

For the NTR Registration Scheme identifier, if required under Section 9.2.4, a two character ISO 3166-2 identifier for the subdivision (state or province) of the nation in which the Registration Scheme is operated, preceded by plus "+" (0x2B (ASCII), U+002B (UTF-8));
But if we look up ISO 3166-2, we see this:

Each complete ISO 3166-2 code consists of two parts, separated by a hyphen:
*       The first part is the ISO 3166-1 alpha-2<https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2> code of the country;
*       The second part is a string of up to three alphanumeric characters, which is usually obtained from national sources and stems from coding systems already in use in the country concerned, but may also be developed by the ISO itself.
Sure enough, 3 character state/province codes are in use. For example, by France<https://en.wikipedia.org/wiki/ISO_3166-2:FR>
[cid:image002.png at 01D51229.E22AEA00]

This will not be a problem if the country in question only registers organizations at the national level - but it could cause problems if registration can or must occur at the state/province level where the ISO identifier is 3 characters.  Let's change SC17 later to allow 3 characters.
(2) Ballot SC17 also created a new definition of Registration Reference, then specified how it should be included in the OrgID field and extension:
Registration Reference: A unique identifier assigned to a Legal Entity.
[Include the] Registration Reference allocated in accordance with the identified Registration Scheme
In most countries the Registration Reference for an organization is an alpha-numeric string, but in some countries (as in Spain), it is the equivalent of saying "Book XX, Page YY" where the registration record is located - It's hard to figure out how to format that in a PSD2 cert.  Also, some states, such as New York, don't have an alphanumeric string as a corporation's serial number, but instead use the date of incorporation - again, hard to format without further instructions.
On this one, maybe we add a Part 2 to new Appendix H where we specify formats for each difficult case that comes up for NTR numbers.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20190530/27c66a6c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 31258 bytes
Desc: image002.png
URL: <http://cabforum.org/pipermail/public/attachments/20190530/27c66a6c/attachment-0001.png>


More information about the Public mailing list