[Servercert-wg] [EXTERNAL] Clarification about EVG 9.2.4
Ryan Sleevi
sleevi at google.com
Wed Dec 4 14:37:34 MST 2019
Do you not believe the solution I offered - which would go significantly
further in addressing _Browser_ concerns - would work?
I don't see your proposed solution meaningfully addressing the underlying
problem? It's not that I disagree that definitional precision is useful,
but I do not believe you can have sufficient definitional precision to
guarantee interoperability, especially compared with substantially simpler,
clearer approaches than finessing definitions.
On Wed, Dec 4, 2019 at 3:56 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:
> The problem is the old “is a canton a state or province” issue that we’ve
> discussed before. The X.520 definition is far too broad, as it allows
> pretty much any geographical subdivision. I don’t think we want to be
> auditing against “associated in some other important way.”
>
>
>
> ISO 3166-2 is a potential way to resolve it, and one we favor, but as it
> stands right now, the BRs are currently vague about what is or is not a
> state or province. We should fix that. In fact, it’s on my unofficial top
> ten list of things that needs to fixed about the BRs.
>
>
>
> One interesting question is whether there exist multiple identically named
> localities that register businesses in a single country, where a ISO 3166-2
> state or province WOULD NOT disambiguate them. That seems unlikely, but
> the world is weird.
>
>
>
> Stated another way: Is requiring a ISO 3166-2 state or province (if
> applicable), sufficient to disambiguate all jurisdictions where
> registration can happen at the locality level? It certainly fixes the US
> case (I think: census designated places and unincorporated areas cannot
> register companies).
>
>
>
> -Tim
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf Of *Ryan
> Sleevi via Servercert-wg
> *Sent:* Tuesday, December 3, 2019 4:48 PM
> *To:* Jeremy Rowley <jeremy.rowley at digicert.com>; CA/B Forum Server
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] [EXTERNAL] Clarification about EVG 9.2.4
>
>
>
> I'm not sure I understand this objection, could you explain a little more?
>
>
>
> Are you suggesting there needs to be an X.520 reference to understand the
> semantics of the subdivision level?
>
>
>
> Specifically, X.520 describes it as:
>
> "The State or Province Name attribute type specifies a state or province.
> When used as a component of a directory name,
>
> it identifies a geographical subdivision in which the named object is
> physically located or with which it is associated in
> some other important way."
>
>
>
> and/or something like ISO 3166-2 defines it, which is the principal
> subdivision of a country aka the "first-level administrative domain"?
>
>
>
> Or is this only an objection with respect to the removal of "where the
> state or province regulates the registration of the entities at the
> locality level", which naturally leads to the state being the first-level
> administrative domain while locality representing a secondary, tertiary, or
> further subdivision within that superdivision?
>
>
>
> On Tue, Dec 3, 2019 at 4:17 PM Jeremy Rowley via Servercert-wg <
> servercert-wg at cabforum.org> wrote:
>
> State is not yet a defined term. We still need to get he ballot passed
> that defines what a state is as either part of this change or as a change
> that happens at the same time. Otherwise, you end up clarifying that we
> need “something” in the state field, but not specifying what that
> “something” is.
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> *On Behalf Of *Dimitris
> Zacharopoulos (HARICA) via Servercert-wg
> *Sent:* Tuesday, December 3, 2019 12:18 PM
> *To:* servercert-wg at cabforum.org
> *Subject:* Re: [Servercert-wg] [EXTERNAL] Clarification about EVG 9.2.4
>
>
>
> Thanks everyone for your contributions to this topic.
>
> To summarize so far, there seems to be a majority preference to require
> the JoI-StateOrProvince to always be included in the subjectDN if the
> JoI-Locality exists, for disambiguation purposes.
>
> The current requirement: "And, the jurisdiction for the applicable
> Incorporating Agency or Registration Agency at the locality level MUST
> include the country and state or province information, where the state or
> province regulates the registration of the entities at the locality level,
> as well as the locality information."
>
> Proposed new requirement: "And, the jurisdiction for the applicable
> Incorporating Agency or Registration Agency at the locality level MUST
> include the country and state or province information, where the state or
> province regulates the registration of the entities at the locality level,
> as well as the locality information."
>
> However, I must admit that the same dilemma was in the Baseline
> Requirements when it was decided (long before I joined the Forum) that
> EITHER subject:stateOrProvinceName OR subject:localityName OR BOTH must be
> included. I assume this was for Countries that didn't have "States Or
> Provinces" but only "Localities". How is this going to play out in the JoI
> case? If we assume a country that doesn't have "States Or Provinces", it
> probably won't have "jurisdictionOfIncorporation" at a State Or Province
> level. How would this be resolved?
>
>
> Dimitris.
>
> On 2019-12-03 7:10 μ.μ., Kirk Hall via Servercert-wg wrote:
>
> Dimitris – When registration is done at the local level, it could be
> ambiguous if we allow CAs to only list *subject:jurisdictionLocalityName *and
> the *subject:jurisdictionCountryName, **but omit the**
> subject:jurisdictionStateOrProvinceName.*
>
>
>
> *I have listed below all the towns in the US named either “Salem” or
> “Springfield” (thanks, Wikipedia) – there are a lot of them. If place of
> registration in an EV certificate is just listed as “Salem, US” or
> “Springfield, US” there would be a potential disambiguation problem.*
>
>
>
> *I think Bruce Morton’s interpretation is correct – if the place of
> official registration is at the locality level, CAs should also include the
> State or Province (if any) and the Country.*
>
>
> United States[edit
> <https://en.wikipedia.org/w/index.php?title=Salem&action=edit§ion=7&editintro=Template:Disambig_editintro>
> ]
>
> · Salem, Alabama <https://en.wikipedia.org/wiki/Salem,_Alabama>
>
> · Salem, Fulton County, Arkansas
> <https://en.wikipedia.org/wiki/Salem,_Fulton_County,_Arkansas>, a city
>
> · Salem, Saline County, Arkansas
> <https://en.wikipedia.org/wiki/Salem,_Saline_County,_Arkansas>, a
> census-designated place
>
> · Salem, Connecticut
> <https://en.wikipedia.org/wiki/Salem,_Connecticut>
>
> · Salem, Florida <https://en.wikipedia.org/wiki/Salem,_Florida>
>
> · Salem, Georgia <https://en.wikipedia.org/wiki/Salem,_Georgia>, in
> Upson County
>
> · Salem, Oconee County, Georgia
> <https://en.wikipedia.org/wiki/Salem,_Oconee_County,_Georgia>
>
> · Salem, Illinois <https://en.wikipedia.org/wiki/Salem,_Illinois>
>
> · Salem, Indiana <https://en.wikipedia.org/wiki/Salem,_Indiana>, city
> in Washington County
>
> · Salem, Adams County, Indiana
> <https://en.wikipedia.org/wiki/Salem,_Adams_County,_Indiana>,
> unincorporated place
>
> · Salem, Jay County, Indiana
> <https://en.wikipedia.org/wiki/Salem,_Jay_County,_Indiana>,
> unincorporated place
>
> · Salem, Union County, Indiana
> <https://en.wikipedia.org/wiki/Salem,_Union_County,_Indiana>,
> unincorporated place
>
> · Salem, Iowa <https://en.wikipedia.org/wiki/Salem,_Iowa>
>
> · Salem, Kentucky <https://en.wikipedia.org/wiki/Salem,_Kentucky>
>
> · Salem, Massachusetts
> <https://en.wikipedia.org/wiki/Salem,_Massachusetts>
>
> o Salem Maritime National Historic Site
> <https://en.wikipedia.org/wiki/Salem_Maritime_National_Historic_Site>
>
> o Salem witch trials <https://en.wikipedia.org/wiki/Salem_witch_trials>,
> a 1692–93 series of hearings and prosecutions
>
> o Salem Harbor <https://en.wikipedia.org/wiki/Salem_Harbor>
>
> o Salem Channel <https://en.wikipedia.org/wiki/Salem_Channel>, a part
> of the Salem Sound
>
> o Salem (MBTA station)
> <https://en.wikipedia.org/wiki/Salem_(MBTA_station)>
>
> · Salem Township, Washtenaw County, Michigan
> <https://en.wikipedia.org/wiki/Salem_Township,_Washtenaw_County,_Michigan>
>
> · Salem, Missouri <https://en.wikipedia.org/wiki/Salem,_Missouri>,
> county seat of Dent County
>
> · Salem, Lewis County, Missouri
> <https://en.wikipedia.org/wiki/Salem,_Lewis_County,_Missouri>
>
> · Salem, Nebraska <https://en.wikipedia.org/wiki/Salem,_Nebraska>
>
> · Salem, New Hampshire
> <https://en.wikipedia.org/wiki/Salem,_New_Hampshire>
>
> · Salem, New Jersey <https://en.wikipedia.org/wiki/Salem,_New_Jersey>
>
> o Salem Nuclear Power Plant
> <https://en.wikipedia.org/wiki/Salem_Nuclear_Power_Plant>
>
> o Salem River <https://en.wikipedia.org/wiki/Salem_River>, a tributary
> of the Delaware River
>
> o Port of Salem <https://en.wikipedia.org/wiki/Port_of_Salem>
>
> · Salem, New Mexico <https://en.wikipedia.org/wiki/Salem,_New_Mexico>
>
> · Salem, New York <https://en.wikipedia.org/wiki/Salem,_New_York>,
> town in Washington County
>
> o Salem (hamlet), New York
> <https://en.wikipedia.org/wiki/Salem_(hamlet),_New_York>, within the town
> of Salem
>
> · Salem, an earlier name of Brocton, New York
> <https://en.wikipedia.org/wiki/Brocton,_New_York>, in Chautauqua County
>
> · Salem, North Carolina
> <https://en.wikipedia.org/wiki/Salem,_North_Carolina>, census-designated
> place in Burke County
>
> · Winston-Salem, North Carolina
> <https://en.wikipedia.org/wiki/Winston-Salem,_North_Carolina>, in Forsyth
> County
>
> o Old Salem <https://en.wikipedia.org/wiki/Old_Salem>, a history museum
> in Winston-Salem
>
> · Salem, Ohio <https://en.wikipedia.org/wiki/Salem,_Ohio>
>
> · Salem, Oklahoma <https://en.wikipedia.org/wiki/Salem,_Oklahoma>
>
> · Salem, Oregon <https://en.wikipedia.org/wiki/Salem,_Oregon>, the
> state capital
>
> o Salem Metropolitan Statistical Area
> <https://en.wikipedia.org/wiki/Salem_Metropolitan_Statistical_Area>,
> consisting of Marion and Polk counties
>
> o Salem station (Oregon)
> <https://en.wikipedia.org/wiki/Salem_station_(Oregon)>, a railroad station
>
> · Salem, South Carolina
> <https://en.wikipedia.org/wiki/Salem,_South_Carolina>
>
> · Salem, South Dakota
> <https://en.wikipedia.org/wiki/Salem,_South_Dakota>, county seat of
> McCook County
>
> · Salem, Tennessee <https://en.wikipedia.org/wiki/Salem,_Tennessee>,
> an unincorporated community
>
> · Salem, Cherokee County, Texas
> <https://en.wikipedia.org/wiki/Salem,_Cherokee_County,_Texas>, an
> unincorporated community
>
> · Salem, Smith County, Texas
> <https://en.wikipedia.org/wiki/Salem,_Smith_County,_Texas>, an
> unincorporated community
>
> · Salem, Utah <https://en.wikipedia.org/wiki/Salem,_Utah>
>
> · Salem, Virginia <https://en.wikipedia.org/wiki/Salem,_Virginia>, an
> independent city adjacent to Roanoke
>
> · Salem, Virginia Beach, Virginia
> <https://en.wikipedia.org/wiki/Salem,_Virginia_Beach,_Virginia>, a
> neighborhood
>
> · Salem, West Virginia
> <https://en.wikipedia.org/wiki/Salem,_West_Virginia>, a city in Harrison
> County
>
> · Salem, Fayette County, West Virginia
> <https://en.wikipedia.org/wiki/Salem,_Fayette_County,_West_Virginia>, an
> unincorporated community
>
> · Salem, Wisconsin (disambiguation)
> <https://en.wikipedia.org/wiki/Salem,_Wisconsin_(disambiguation)>,
> several places in Wisconsin
>
>
>
>
> United States[edit
> <https://en.wikipedia.org/w/index.php?title=Springfield&action=edit§ion=9&editintro=Template:Disambig_editintro>
> ]
>
> · Springfield, Alabama, unincorporated community
>
> · Springfield, Arkansas
> <https://en.wikipedia.org/wiki/Springfield,_Arkansas>
>
> · Springfield, California
> <https://en.wikipedia.org/wiki/Springfield,_California>
>
> · Springfield, Colorado
> <https://en.wikipedia.org/wiki/Springfield,_Colorado>
>
> · Springfield, Florida
> <https://en.wikipedia.org/wiki/Springfield,_Florida>, a city in Bay County
>
> · Springfield (Jacksonville)
> <https://en.wikipedia.org/wiki/Springfield_(Jacksonville)>, Florida, a
> neighborhood
>
> · Springfield, Georgia
> <https://en.wikipedia.org/wiki/Springfield,_Georgia>
>
> · Springfield, Idaho
> <https://en.wikipedia.org/wiki/Springfield,_Idaho>
>
> · Springfield, Illinois
> <https://en.wikipedia.org/wiki/Springfield,_Illinois>, the state capital
> of Illinois
>
> o Springfield metropolitan area, Illinois
> <https://en.wikipedia.org/wiki/Springfield_metropolitan_area,_Illinois>
>
> · Springfield, LaPorte County, Indiana
> <https://en.wikipedia.org/wiki/Springfield,_LaPorte_County,_Indiana>
>
> · Springfield, Posey County, Indiana
> <https://en.wikipedia.org/wiki/Springfield,_Posey_County,_Indiana>
>
> · Springfield, Kentucky
> <https://en.wikipedia.org/wiki/Springfield,_Kentucky>
>
> · Springfield, Louisiana
> <https://en.wikipedia.org/wiki/Springfield,_Louisiana>
>
> · Springfield, Maine
> <https://en.wikipedia.org/wiki/Springfield,_Maine>
>
> · Springfield, Massachusetts
> <https://en.wikipedia.org/wiki/Springfield,_Massachusetts>, the first
> Springfield settled in America
>
> o Springfield metropolitan area, Massachusetts
> <https://en.wikipedia.org/wiki/Springfield_metropolitan_area,_Massachusetts>,
> the most populous Metropolitan Springfield Area
>
> · Springfield, Michigan
> <https://en.wikipedia.org/wiki/Springfield,_Michigan>, a city in Calhoun
> County
>
> · Springfield, Minnesota
> <https://en.wikipedia.org/wiki/Springfield,_Minnesota>, in Brown County
>
> · Springfield, Missouri
> <https://en.wikipedia.org/wiki/Springfield,_Missouri>, the most populous
> city named Springfield in the United States
>
> o Springfield metropolitan area, Missouri
> <https://en.wikipedia.org/wiki/Springfield_metropolitan_area,_Missouri>
>
> · Springfield, Nebraska
> <https://en.wikipedia.org/wiki/Springfield,_Nebraska>
>
> · Springfield, New Hampshire
> <https://en.wikipedia.org/wiki/Springfield,_New_Hampshire>
>
> · Springfield Township, Burlington County, New Jersey
> <https://en.wikipedia.org/wiki/Springfield_Township,_Burlington_County,_New_Jersey> (referred
> to as "Springfield")
>
> · Springfield Township, Union County, New Jersey
> <https://en.wikipedia.org/wiki/Springfield_Township,_Union_County,_New_Jersey> (referred
> to as "Springfield")
>
> · Springfield/Belmont, Newark, New Jersey
> <https://en.wikipedia.org/wiki/Springfield/Belmont,_Newark,_New_Jersey>,
> a neighborhood of Newark
>
> · Springfield, New York
> <https://en.wikipedia.org/wiki/Springfield,_New_York>
>
> · Springfield, Ohio <https://en.wikipedia.org/wiki/Springfield,_Ohio>
>
> · Springfield, Oregon
> <https://en.wikipedia.org/wiki/Springfield,_Oregon>
>
> · Springfield Township, Pennsylvania (disambiguation)
> <https://en.wikipedia.org/wiki/Springfield_Township,_Pennsylvania_(disambiguation)>
>
> · Springfield, South Carolina
> <https://en.wikipedia.org/wiki/Springfield,_South_Carolina>
>
> · Springfield, South Dakota
> <https://en.wikipedia.org/wiki/Springfield,_South_Dakota>
>
> · Springfield, Tennessee
> <https://en.wikipedia.org/wiki/Springfield,_Tennessee>
>
> · Springfield, Texas
> <https://en.wikipedia.org/wiki/Springfield,_Texas>, Jim Wells County
>
> · Springfield, former town and county seat of Limestone County,
> Texas, now part of Fort Parker State Park
> <https://en.wikipedia.org/wiki/Fort_Parker_State_Park>
>
> · Springfield, Vermont
> <https://en.wikipedia.org/wiki/Springfield,_Vermont>
>
> o Springfield (CDP), Vermont
> <https://en.wikipedia.org/wiki/Springfield_(CDP),_Vermont>
>
> · Springfield, Virginia
> <https://en.wikipedia.org/wiki/Springfield,_Virginia>
>
> · Springfield, Albemarle County, Virginia
> <https://en.wikipedia.org/wiki/Springfield,_Albemarle_County,_Virginia>
>
> · Springfield (Coatesville, Virginia)
> <https://en.wikipedia.org/wiki/Springfield_(Coatesville,_Virginia)>, an
> historic home
>
> · Springfield, Page County, Virginia
> <https://en.wikipedia.org/wiki/Springfield,_Page_County,_Virginia>
>
> · Springfield, Westmoreland County, Virginia
> <https://en.wikipedia.org/wiki/Springfield,_Westmoreland_County,_Virginia>
>
> · Springfield, West Virginia
> <https://en.wikipedia.org/wiki/Springfield,_West_Virginia>
>
> · Springfield, Dane County, Wisconsin
> <https://en.wikipedia.org/wiki/Springfield,_Dane_County,_Wisconsin>, a
> town
>
> o Springfield Corners, Wisconsin
> <https://en.wikipedia.org/wiki/Springfield_Corners,_Wisconsin>, an
> unincorporated community
>
> · Springfield, Jackson County, Wisconsin
> <https://en.wikipedia.org/wiki/Springfield,_Jackson_County,_Wisconsin>, a
> town
>
> · Springfield, Marquette County, Wisconsin
> <https://en.wikipedia.org/wiki/Springfield,_Marquette_County,_Wisconsin>,
> a town
>
> · Springfield, St. Croix County, Wisconsin
> <https://en.wikipedia.org/wiki/Springfield,_St._Croix_County,_Wisconsin>,
> a town
>
> · Springfield, Walworth County, Wisconsin
> <https://en.wikipedia.org/wiki/Springfield,_Walworth_County,_Wisconsin>,
> an unincorporated community
>
>
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org>
> <servercert-wg-bounces at cabforum.org> *On Behalf Of *Dimitris
> Zacharopoulos (HARICA) via Servercert-wg
> *Sent:* Tuesday, December 3, 2019 12:29 AM
> *To:* Cynthia Revström <me at cynthia.re> <me at cynthia.re>; Jeremy Rowley
> <jeremy.rowley at digicert.com> <jeremy.rowley at digicert.com>; CA/B Forum
> Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> <servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] [EXTERNAL] Clarification about EVG 9.2.4
>
>
>
> Hi Cynthia,
>
> I think your comment is not so much related to the issue at hand. The
> language for JoI-Locality is the one that needs to be clarified. We are
> very clear about the other cases.
>
> My original interpretation was that no matter what, if an organization is
> registered at the locality level, the subjectDN MUST always include *subject:jurisdictionLocalityName
> *AND *subject:jurisdictionStateOrProvinceName* AND the
> *subject:jurisdictionCountryName.* After reading it more carefully I came
> to the conclusion that there is a different interpretation which was
> confirmed by Jeremy.
>
> Now, all we need to do is confirm that this was the original intent and if
> so, we may be able to improve this part of the EVG to make it more clear
> that it is allowed to include *subject:jurisdictionLocalityName* without
> a *subject:jurisdictionStateOrProvinceName* entry, for the case where the
> Country doesn't offer registration at the State or Province level.
>
> Is there anyone that objects to this interpretation?
>
>
> Thank you,
> Dimitris.
>
> On 2019-12-02 7:58 μ.μ., Cynthia Revström wrote:
>
> Hello,
>
> My interpretation would be that for example if we take Apple as an
> example, it would be jC=US, jST=California but no locality.
>
> I understand that this will get very complicated, as for example, in
> Sweden, limited companies are at a national level while for example sole
> proprietorships are at a county level.
>
> - Cynthia
>
>
>
> On Mon, Dec 2, 2019 at 6:50 PM Jeremy Rowley via Servercert-wg <
> servercert-wg at cabforum.org> wrote:
>
> I disagree as that's not what the language says. It says to include the
> state field if the state regulates registration of the locality. I can't
> speak to Toronto and how it incorporates entities (if it does), but I think
> the answer depends heavily on the locality, the type of entity, and how
> registration occurs.
> ------------------------------
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org> on behalf of
> Bruce Morton via Servercert-wg <servercert-wg at cabforum.org>
> *Sent:* Monday, December 2, 2019 10:45:32 AM
> *To:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>; CA/B Forum
> Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* Re: [Servercert-wg] [EXTERNAL] Clarification about EVG 9.2.4
>
>
>
> I guess I am saying that you must include the jurisdiction level where the
> organization was registered. If the organization was registered at the
> locality level, then the certificate must include jL and jC. If the country
> has no states or provinces, then jST must not be used. If the country has
> states or provinces, then jST must be used, where jST is the state/province
> for jL.
>
>
>
> Let’s say that we have a company based in Toronto, Ontario, Canada; if it
> was registered in:
>
> 1. Canada, then the certificate must only have jC=CA
> 2. Ontario, then the certificate must only have jST=Ontario and jC=CA.
> It cannot have jL=Toronto as the company was not registered by a registrar
> at the locality level.
> 3. Toronto, then the certificate must have all 3, jL=Toronto,
> jST=Ontario and jC=CA. jST must be included to help identity where the
> locality is.
>
>
>
> Bruce
>
>
>
> *From:* Dimitris Zacharopoulos (HARICA) <dzacharo at harica.gr>
> *Sent:* Monday, December 2, 2019 12:26 PM
> *To:* Bruce Morton <Bruce.Morton at entrustdatacard.com>; CA/B Forum Server
> Certificate WG Public Discussion List <servercert-wg at cabforum.org>
> *Subject:* Re: [EXTERNAL][Servercert-wg] Clarification about EVG 9.2.4
>
>
>
>
>
> On 2019-12-02 7:12 μ.μ., Bruce Morton wrote:
>
> Hi Dimitris,
>
>
>
> My interpretation is the following:
>
>
>
> 1. If the organization is registered at the country level, then the
> certificate must include the *subject:jurisdictionCountryName.*
> 2. *If *the organization is *registered as the state/province level, *then
> the certificate must include the
> *subject:jurisdictionStateOrProvinceName* and the
> *subject:jurisdictionCountryName.*
> 3. *If *the organization is *registered at the locality level, *then
> the certificate must include the *subject:jurisdictionLocalityName*
> and the *subject:jurisdictionCountryName;** and must include the **subject:jurisdictionStateOrProvinceName,
> **only if the locality is in a state/province.*
>
>
> Hi Bruce, thanks for your reply.
>
> The first two are quite clear.
>
> The following:
> "*and must include the **subject:jurisdictionStateOrProvinceName, **only
> if the locality is in a state/province"*
>
> is not so clear to me. Perhaps you could elaborate with a couple of
> theoretical examples? I seems that the StateOrProvince is mixed with
> Locality in your description but I might have misunderstood.
>
>
> Dimitris.
>
>
>
> 1.
>
>
>
> *Bruce.*
>
>
>
> *From:* Servercert-wg <servercert-wg-bounces at cabforum.org>
> <servercert-wg-bounces at cabforum.org> *On Behalf Of *Dimitris
> Zacharopoulos (HARICA) via Servercert-wg
> *Sent:* Monday, December 2, 2019 12:02 PM
> *To:* CA/B Forum Server Certificate WG Public Discussion List
> <servercert-wg at cabforum.org> <servercert-wg at cabforum.org>
> *Subject:* [EXTERNAL][Servercert-wg] Clarification about EVG 9.2.4
>
>
>
> *WARNING:* This email originated outside of Entrust Datacard.
> *DO NOT CLICK* links or attachments unless you trust the sender and know
> the content is safe.
> ------------------------------
>
>
> Dear members,
>
> I would like to ask for a clarification/interpretation about section 9.2.4
> of the EV Guidelines and please forgive me if this has been discussed in
> the past.
> 9.2.4. Subject Jurisdiction of Incorporation or Registration Field
>
> "*Contents:* These fields MUST NOT contain information that is not
> relevant to the level of the Incorporating Agency or Registration Agency.
> For example, the Jurisdiction of Incorporation for an Incorporating Agency
> or Jurisdiction of Registration for a Registration Agency that operates at
> the country level MUST include the country information but MUST NOT include
> the state or province or locality information. Similarly, the jurisdiction
> for the applicable Incorporating Agency or Registration Agency at the state
> or province level MUST include both country and state or province
> information, but MUST NOT include locality information. And, the
> jurisdiction for the applicable Incorporating Agency or Registration Agency
> at the locality level MUST include the country and state or province
> information, where the state or province regulates the registration of the
> entities at the locality level, as well as the locality information.
> Country information MUST be specified using the applicable ISO country
> code. State or province or locality information (where applicable) for the
> Subject's Jurisdiction of Incorporation or Registration MUST be specified
> using the full name of the applicable jurisdiction."
>
> Is it allowed to include a *subject:jurisdictionLocalityName* without
> providing a *subject:jurisdictionStateOrProvinceName*?
>
> The requirement says "And, the jurisdiction for the applicable
> Incorporating Agency or Registration Agency at the locality level MUST
> include the country and state or province information, where the state or
> province regulates the registration of the entities at the locality level,
> as well as the locality information."
>
> In one interpretation, if there is no "state or province" that regulates
> the registration of entities but this registration is done at the locality
> level, then the *subject:jurisdictionStateOrProvinceName* can be omitted
> and only the *subject:jurisdictionLocalityName* is included along with
> the *subject:jurisdictionCountryName*. Is this an accurate and valid
> interpretation?
>
>
> Thank you,
> Dimitris.
>
>
>
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
>
>
>
>
> _______________________________________________
>
> Servercert-wg mailing list
>
> Servercert-wg at cabforum.org
>
> http://cabforum.org/mailman/listinfo/servercert-wg
>
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20191204/dbce5992/attachment-0001.html>
More information about the Servercert-wg
mailing list