[Servercert-wg] Voting Begins: Ballot SC16: Other Subject At tributes
realsky at cht.com.tw
Thu Mar 14 08:57:42 MST 2019
Chunghwa Telecom votes "YES" on Ballot SC16: Other Subject Attributes.
Von: Servercert-wg [mailto:servercert-wg-bounces at cabforum.org]Im Auftrag von Wayne Thayer via Servercert-wg
Gesendet: Freitag, 8. März 2019 20:01
An: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Betreff: [Servercert-wg] Voting Begins: Ballot SC16: Other Subject Attributes
Purpose of Ballot:
This ballot intends to clarify requirements placed on Subject attributes in Subscriber certificates in BR section 220.127.116.11 and EVGL section 9.2.8. Specifically, Subject fields must contain more than just metadata if they are present in a certificate. The OU field is permitted in EV certificates, but no unspecified Subject attributes are permitted.
The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Doug Beattie of GlobalSign and Tim Hollebeek of DigiCert.
-- MOTION BEGINS --
This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based on Version 1.6.3:
Capitalize the heading of Baseline Requirements section 7.1.4 Name Forms
Add a second paragraph to Baseline Requirements section 18.104.22.168 as follows:
Subject attributes MUST NOT contain only metadata such as '.', '-', and ' ' (i.e. space) characters, and/or any other indication that the value is absent, incomplete, or not applicable.
Replace Baseline Requirements section 22.214.171.124.2(j.), in its entirety, with the following text:
j. Other Subject Attributes
Other attributes MAY be present within the subject field. If present, other attributes MUST contain information that has been verified by the CA.
This ballot modifies the “Guidelines For The Issuance And Management Of Extended Validation Certificates” as follows, based on Version 1.6.8:
Replace EV Guidelines section 9.2.8, in its entirety, with the following text:
9.2.8. Subject Organizational Unit Name Field
Certificate field: subject:organizationalUnitName (OID 126.96.36.199)
Contents: The CA SHALL implement a process that prevents an OU attribute from including a name, DBA, tradename, trademark, address, location, or other text that refers to a specific natural person or Legal Entity unless the CA has verified this information in accordance with Section 11. This field MUST NOT contain only metadata such as '.', '-', and ' ' (i.e. space) characters, and/or any other indication that the value is absent, incomplete, or not applicable.
Add EV Guidelines section 9.2.9, with the following text:
9.2.9. Other Subject Attributes
CAs SHALL NOT include any Subject attributes except as specified in Section 9.2.
-- MOTION ENDS --
This ballot proposes a set of Final Maintenance Guidelines.
*** WARNING ***: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
A comparison of the changes can be found at: https://github.com/wthayer/documents/compare/master...wthayer:EV-Subject-Information
The procedure for approval of this ballot is as follows:
Discussion (7+ days)
Start Time: March 1, 2019 17:00 UTC
End Time: After March 8, 2019 17:00 UTC
Vote for approval (7 days)
Start Time: March 8, 2019 19:00 UTC
End Time: March 15, 2019 19:00 UTC
Servercert-wg mailing list
Servercert-wg at cabforum.org
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Servercert-wg