[cabfpub] Possible future amendments to SC17

Tim Hollebeek tim.hollebeek at digicert.com
Thu May 30 18:06:43 UTC 2019

For the first issue, I'm happy to change 2 to "up to three" in the spring
cleanup ballot, if it's non-controversial.


The second issue is more complicated.  I like your approach and we should
talk about it in Thessaloniki.




From: Public <public-bounces at cabforum.org> On Behalf Of Kirk Hall via Public
Sent: Thursday, May 30, 2019 12:27 PM
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] Possible future amendments to SC17


Having just finished with Ballot SC17, I doubt we want to start a round of
amendments - but I suggest we create a bucket of issues to be addressed in a
future update ballot.


Our vetting team has found two issues relating to the NTR


(1) When the ballot describes the special case of possible subdivision codes for
the NTR Registration Scheme identifier it references 'a two character ISO
3166-2 identifier.'

For the NTR Registration Scheme identifier, if required under Section 9.2.4,
a two character ISO 3166-2 identifier for the subdivision (state or
province) of the nation in which the Registration Scheme is operated,
preceded by plus "+" (0x2B (ASCII), U+002B (UTF-8));

But if we look up ISO 3166-2, we see this:

Each complete ISO 3166-2 code consists of two parts, separated by a hyphen: 

* The first part is the ISO 3166-1 alpha-2
  <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2> code of the country;

* The second part is a string of up to three alphanumeric characters,
  which is usually obtained from national sources and stems from coding
  systems already in use in the country concerned, but may also be developed
  by the ISO itself.

Sure enough, 3 character state/province codes are in use. For example, by
France <https://en.wikipedia.org/wiki/ISO_3166-2:FR> 

This will not be a problem if the country in question only registers
organizations at the national level - but it could cause problems if
registration can or must occur at the state/province level where the ISO
identifier is 3 characters.  Let's change SC17 later to allow 3 characters.

(2) Ballot SC17 also created a new definition of Registration Reference,
then specified how it should be included in the OrgID field and extension:

Registration Reference: A unique identifier assigned to a Legal Entity.

[Include the] Registration Reference allocated in accordance with the
identified Registration Scheme

In most countries the Registration Reference for an organization is an
alpha-numeric string, but in some countries (as in Spain), it is the
equivalent of saying "Book XX, Page YY" where the registration record is
located - it's hard to figure out how to format that in a PSD2 cert.  Also,
some states, such as New York, don't have an alphanumeric string as a
corporation's serial number, but instead use the date of incorporation -
again, hard to format without further instructions.

On this one, maybe we add a Part 2 to new Appendix H where we specify
formats for each difficult case that comes up for NTR numbers.
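
An added example, not part of the original thread or of Ballot SC17: a Python check of the NTR subdivision rule from issue (1), comparing the two-character limit with the proposed "up to three". The overall identifier layout (scheme, country code, hyphen, Registration Reference) is assumed from the EV Guidelines rather than quoted in this thread, the function names are hypothetical, and the sample identifiers are constructed.

```python
import re
from typing import NamedTuple, Optional

# Subdivision length bounds (min, max) after the "+" separator.
SC17_AS_BALLOTED = (2, 2)   # "a two character ISO 3166-2 identifier"
PROPOSED_FIX = (1, 3)       # "up to three" alphanumeric characters


class NtrOrgId(NamedTuple):
    country: str
    subdivision: Optional[str]
    reference: str


def parse_ntr(value: str, subdiv_len=SC17_AS_BALLOTED) -> Optional[NtrOrgId]:
    """Parse an NTR organizationIdentifier; return None if it does not conform.

    Assumed layout: "NTR" + 2-letter country + optional "+" subdivision
    + "-" + Registration Reference. The reference is treated as opaque
    because the thread notes its format varies by registry.
    """
    lo, hi = subdiv_len
    pattern = (
        r"NTR(?P<country>[A-Z]{2})"
        r"(?:\+(?P<subdivision>[A-Z0-9]{%d,%d}))?"
        r"-(?P<reference>.+)" % (lo, hi)
    )
    m = re.fullmatch(pattern, value)
    if m is None:
        return None
    return NtrOrgId(m["country"], m["subdivision"], m["reference"])


# Constructed sample identifiers (not real registrations).
SAMPLES = ["NTRGB-12345678", "NTRUS+NY-1234567", "NTRFR+ARA-1234567"]


def compare(samples=SAMPLES):
    """Return {identifier: (accepted as balloted, accepted with the fix)}."""
    return {
        s: (parse_ntr(s, SC17_AS_BALLOTED) is not None,
            parse_ntr(s, PROPOSED_FIX) is not None)
        for s in samples
    }


if __name__ == "__main__":
    for ident, (strict, relaxed) in compare().items():
        print(f"{ident:22} balloted={strict!s:5} proposed={relaxed}")
```

A validator or linter built on the two-character rule rejects the three-character subdivision outright, which is the failure the vetting team describes.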


