[Servercert-wg] Voting Begins: Ballot SC16: Other Subject At tributes

realsky(CHT) realsky at cht.com.tw
Thu Mar 14 08:57:42 MST 2019


Chunghwa Telecom votes "YES" on Ballot SC16: Other Subject Attributes.


       Li-Chun 

-----Original message-----

Von: Servercert-wg [mailto:servercert-wg-bounces at cabforum.org]Im Auftrag von Wayne Thayer via Servercert-wg
Gesendet: Freitag, 8. März 2019 20:01
An: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Betreff: [Servercert-wg] Voting Begins: Ballot SC16: Other Subject Attributes
 
Purpose of Ballot:

This ballot intends to clarify requirements placed on Subject attributes in Subscriber certificates in BR section 7.1.4.2 and EVGL section 9.2.8. Specifically, Subject fields must contain more than just metadata if they are present in a certificate. The OU field is permitted in EV certificates, but no unspecified Subject attributes are permitted.


The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Doug Beattie of GlobalSign and Tim Hollebeek of DigiCert.


-- MOTION BEGINS --

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based on Version 1.6.3:

Capitalize the heading of Baseline Requirements section 7.1.4 Name Forms

Add a second paragraph to Baseline Requirements section 7.1.4.2 as follows:

Subject attributes MUST NOT contain only metadata such as '.', '-', and ' ' (i.e. space) characters, and/or any other indication that the value is absent, incomplete, or not applicable.

Replace Baseline Requirements section 7.1.4.2.2(j.), in its entirety, with the following text:

j. Other Subject Attributes

Other attributes MAY be present within the subject field. If present, other attributes MUST contain information that has been verified by the CA.

----

This ballot modifies the “Guidelines For The Issuance And Management Of Extended Validation Certificates” as follows, based on Version 1.6.8:

Replace EV Guidelines section 9.2.8, in its entirety, with the following text:

9.2.8. Subject Organizational Unit Name Field

Certificate field: subject:organizationalUnitName (OID 2.5.4.11)

Required/Optional: Optional

Contents: The CA SHALL implement a process that prevents an OU attribute from including a name, DBA, tradename, trademark, address, location, or other text that refers to a specific natural person or Legal Entity unless the CA has verified this information in accordance with Section 11. This field MUST NOT contain only metadata such as '.', '-', and ' ' (i.e. space) characters, and/or any other indication that the value is absent, incomplete, or not applicable.

Add EV Guidelines section 9.2.9, with the following text:

9.2.9. Other Subject Attributes

CAs SHALL NOT include any Subject attributes except as specified in Section 9.2.


-- MOTION ENDS --

This ballot proposes a set of Final Maintenance Guidelines.


*** WARNING ***: USE AT YOUR OWN RISK.  THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

A comparison of the changes can be found at: https://github.com/wthayer/documents/compare/master...wthayer:EV-Subject-Information

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: March 1, 2019 17:00 UTC

End Time: After March 8, 2019 17:00 UTC

Vote for approval (7 days)

Start Time: March 8, 2019 19:00 UTC

End Time: March 15, 2019 19:00 UTC

_______________________________________________
Servercert-wg mailing list
Servercert-wg at cabforum.org
http://cabforum.org/mailman/listinfo/servercert-wg




本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190314/27c95161/attachment.html>


More information about the Servercert-wg mailing list