[Servercert-wg] [EXTERNAL] Clarification about EVG 9.2.4
Bruce Morton
Bruce.Morton at entrustdatacard.com
Mon Dec 2 10:12:27 MST 2019
Hi Dimitris,
My interpretation is the following:
1. If the organization is registered at the country level, then the certificate must include the subject:jurisdictionCountryName.
2. If the organization is registered as the state/province level, then the certificate must include the subject:jurisdictionStateOrProvinceName and the subject:jurisdictionCountryName.
3. If the organization is registered at the locality level, then the certificate must include the subject:jurisdictionLocalityName and the subject:jurisdictionCountryName; and must include the subject:jurisdictionStateOrProvinceName, only if the locality is in a state/province.
Bruce.
From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Servercert-wg
Sent: Monday, December 2, 2019 12:02 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: [EXTERNAL][Servercert-wg] Clarification about EVG 9.2.4
WARNING: This email originated outside of Entrust Datacard.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
Dear members,
I would like to ask for a clarification/interpretation about section 9.2.4 of the EV Guidelines and please forgive me if this has been discussed in the past.
9.2.4. Subject Jurisdiction of Incorporation or Registration Field
"Contents: These fields MUST NOT contain information that is not relevant to the level of the Incorporating Agency or Registration Agency. For example, the Jurisdiction of Incorporation for an Incorporating Agency or Jurisdiction of Registration for a Registration Agency that operates at the country level MUST include the country information but MUST NOT include the state or province or locality information. Similarly, the jurisdiction for the applicable Incorporating Agency or Registration Agency at the state or province level MUST include both country and state or province information, but MUST NOT include locality information. And, the jurisdiction for the applicable Incorporating Agency or Registration Agency at the locality level MUST include the country and state or province information, where the state or province regulates the registration of the entities at the locality level, as well as the locality information. Country information MUST be specified using the applicable ISO country code. State or province or locality information (where applicable) for the Subject's Jurisdiction of Incorporation or Registration MUST be specified using the full name of the applicable jurisdiction."
Is it allowed to include a subject:jurisdictionLocalityName without providing a subject:jurisdictionStateOrProvinceName?
The requirement says "And, the jurisdiction for the applicable Incorporating Agency or Registration Agency at the locality level MUST include the country and state or province information, where the state or province regulates the registration of the entities at the locality level, as well as the locality information."
In one interpretation, if there is no "state or province" that regulates the registration of entities but this registration is done at the locality level, then the subject:jurisdictionStateOrProvinceName can be omitted and only the subject:jurisdictionLocalityName is included along with the subject:jurisdictionCountryName. Is this an accurate and valid interpretation?
Thank you,
Dimitris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191202/b4986eb7/attachment-0001.html>
More information about the Servercert-wg
mailing list