[Servercert-wg] Voting Begins: Ballot SC16: Other Subject Attributes

Thu Mar 14 23:10:09 MST 2019

Kamu SM votes YES to Ballot SC16

Regards,

Dr. Tamer ERGUN

Head of E-Signature Technologies Department 

TÜBİTAK/BİLGEM/Kamu SM

Çamlıca Mahallesi 408. Cadde No: 136

C Blok 5. Kat Yenimahalle/Ankara

www.tubitak.gov.tr <http://www.tubitak.gov.tr/> 

 <mailto:tamer.ergun at kamusm.gov.tr> tamer.ergun at kamusm.gov.tr

From: Servercert-wg <servercert-wg-bounces at cabforum.org <mailto:servercert-wg-bounces at cabforum.org> > On Behalf Of Wayne Thayer via Servercert-wg
Sent: Friday, March 8, 2019 2:01 PM
To: CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> >
Subject: [Servercert-wg] Voting Begins: Ballot SC16: Other Subject Attributes

Purpose of Ballot:

This ballot intends to clarify requirements placed on Subject attributes in Subscriber certificates in BR section 7.1.4.2 and EVGL section 9.2.8. Specifically, Subject fields must contain more than just metadata if they are present in a certificate. The OU field is permitted in EV certificates, but no unspecified Subject attributes are permitted.

The following motion has been proposed by Wayne Thayer of Mozilla and endorsed by Doug Beattie of GlobalSign and Tim Hollebeek of DigiCert.

-- MOTION BEGINS --

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates” as follows, based on Version 1.6.3:

Capitalize the heading of Baseline Requirements section 7.1.4 Name Forms

Add a second paragraph to Baseline Requirements section 7.1.4.2 as follows:

Subject attributes MUST NOT contain only metadata such as '.', '-', and ' ' (i.e. space) characters, and/or any other indication that the value is absent, incomplete, or not applicable.

Replace Baseline Requirements section 7.1.4.2.2(j.), in its entirety, with the following text:

j. Other Subject Attributes

Other attributes MAY be present within the subject field. If present, other attributes MUST contain information that has been verified by the CA.

----

This ballot modifies the “Guidelines For The Issuance And Management Of Extended Validation Certificates” as follows, based on Version 1.6.8:

Replace EV Guidelines section 9.2.8, in its entirety, with the following text:

9.2.8. Subject Organizational Unit Name Field

Certificate field: subject:organizationalUnitName (OID 2.5.4.11)

Required/Optional: Optional

Contents: The CA SHALL implement a process that prevents an OU attribute from including a name, DBA, tradename, trademark, address, location, or other text that refers to a specific natural person or Legal Entity unless the CA has verified this information in accordance with Section 11. This field MUST NOT contain only metadata such as '.', '-', and ' ' (i.e. space) characters, and/or any other indication that the value is absent, incomplete, or not applicable.

Add EV Guidelines section 9.2.9, with the following text:

9.2.9. Other Subject Attributes

CAs SHALL NOT include any Subject attributes except as specified in Section 9.2.

-- MOTION ENDS --

This ballot proposes a set of Final Maintenance Guidelines.

*** WARNING ***: USE AT YOUR OWN RISK.  THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

A comparison of the changes can be found at: https://github.com/wthayer/documents/compare/master...wthayer:EV-Subject-Information <https://scanmail.trustwave.com/?c=4062&d=qeGJ3DdOJyFYHe12EC9_m_5p6y-an1BzDhRm8h8aVw&s=5&u=https%3a%2f%2fgithub%2ecom%2fwthayer%2fdocuments%2fcompare%2fmaster%2e%2e%2ewthayer%3aEV-Subject-Information> 

The procedure for approval of this ballot is as follows:

Discussion (7+ days)

Start Time: March 1, 2019 17:00 UTC

End Time: After March 8, 2019 17:00 UTC

Vote for approval (7 days)

Start Time: March 8, 2019 19:00 UTC

End Time: March 15, 2019 19:00 UTC

Sorumluluk Reddi

Bu e-posta mesaji ve onunla iletilen tum ekler gonderildigi kisi ya da kuruma ozel olup, gizli imtiyazli, ozel bilgiler icerebilecegi gibi gizlilik yukumlulugu de tasiyor olabilir. Bu mesajda ve ekindeki dosyalarda bulunan tum fikir ve gorusler sadece adres yazarina ait olup, TUBITAK / Kamu SM?nin resmi gorusunu yansitmaz. TUBITAK / Kamu SM bu e-posta icerigindeki bilgilerin kullanilmasi nedeniyle hic kimseye karsi sorumlu tutulamaz. Mesajin yetkili alicisi veya alicisina iletmekten sorumlu kisi degilseniz, mesaj icerigini ya da eklerini kullanmayiniz, kopyalamayiniz, yaymayiniz, baska kisilere yonlendirmeyiniz ve mesaji gonderen kisiyi derhal e-posta yoluyla haberdar ederek bu mesaji ve eklerini herhangi bir kopyasini muhafaza etmeksizin siliniz. Kurumumuz size, mesajin ve bilgilerinin degisiklige ugramamasi, butunlugunun ve gizliligin korunmasi konusunda garanti vermemekte olup, e-posta icerigine yetkisiz olarak yapilan mudahale, virus icermesi ve/veya bilgisayar sisteminize verebilecegi herhangi bir zarardan da sorumlu degildir. 

******************************************
Disclaimer

This e-mail message, including any attachments, is intended only for the use of the individual or entity to whom it is addressed and may contain confidential, privileged, private information as well as the exemption from disclosure. The information and views set out in this email are those of the author and do not necessarily reflect the official position of TUBITAK / Kamu SM. TUBITAK / Kamu SM shall have no liability to any person with regard to the use of the information contained in this message. If you are not the intended addressee(s) or responsible person to inform the addressee(s), you are hereby notified that; any use, dissemination, distribution, or copying of this message and attached files is strictly prohibited. Please notify the sender immediately by e-mail and delete this message and any attachments without retaining a copy. TUBITAK / Kamu SM do not warrant for the accuracy, completeness of the contents of this email and/or the preservation of confidentiality, and shall not be liable for the unauthorized changes made to this message, viruses and/or any damages caused in any way to your computer system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190315/4d36df75/attachment-0001.html>