[Servercert-wg] Voting Begins: Ballot SC16: Other Subject Attributes
Christopher Kemmerer
chris at ssl.com
Fri Mar 15 09:29:22 MST 2019
SSL.com votes YES on SC 16.
csk
On 3/8/2019 11:00 AM, Wayne Thayer via Servercert-wg wrote:
> Purpose of Ballot:
>
> This ballot intends to clarify requirements placed on Subject
> attributes in Subscriber certificates in BR section 7.1.4.2 and EVGL
> section 9.2.8. Specifically, Subject fields must contain more than
> just metadata if they are present in a certificate. The OU field is
> permitted in EV certificates, but no unspecified Subject attributes
> are permitted.
>
>
> The following motion has been proposed by Wayne Thayer of Mozilla and
> endorsed by Doug Beattie of GlobalSign and Tim Hollebeek of DigiCert.
>
>
> -- MOTION BEGINS --
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based on
> Version 1.6.3:
>
> Capitalize the heading of Baseline Requirements section 7.1.4 Name Forms
>
> Add a second paragraph to Baseline Requirements section 7.1.4.2 as
> follows:
>
> Subject attributes MUST NOT contain only metadata such as '.', '-',
> and ' ' (i.e. space) characters, and/or any other indication that the
> value is absent, incomplete, or not applicable.
>
> Replace Baseline Requirements section 7.1.4.2.2(j.), in its entirety,
> with the following text:
>
> j. Other Subject Attributes
>
> Other attributes MAY be present within the subject field. If present,
> other attributes MUST contain information that has been verified by
> the CA.
>
> ----
>
> This ballot modifies the “Guidelines For The Issuance And Management
> Of Extended Validation Certificates” as follows, based on Version 1.6.8:
>
> Replace EV Guidelines section 9.2.8, in its entirety, with the
> following text:
>
> 9.2.8. Subject Organizational Unit Name Field
>
> Certificate field: subject:organizationalUnitName (OID 2.5.4.11)
>
> Required/Optional: Optional
>
> Contents: The CA SHALL implement a process that prevents an OU
> attribute from including a name, DBA, tradename, trademark, address,
> location, or other text that refers to a specific natural person or
> Legal Entity unless the CA has verified this information in accordance
> with Section 11. This field MUST NOT contain only metadata such as
> '.', '-', and ' ' (i.e. space) characters, and/or any other indication
> that the value is absent, incomplete, or not applicable.
>
> Add EV Guidelines section 9.2.9, with the following text:
>
> 9.2.9. Other Subject Attributes
>
> CAs SHALL NOT include any Subject attributes except as specified in
> Section 9.2.
>
>
> -- MOTION ENDS --
>
> This ballot proposes a set of Final Maintenance Guidelines.
>
>
> *** WARNING ***: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE
> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
> A comparison of the changes can be found at:
> https://github.com/wthayer/documents/compare/master...wthayer:EV-Subject-Information
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: March 1, 2019 17:00 UTC
>
> End Time: After March 8, 2019 17:00 UTC
>
> Vote for approval (7 days)
>
> Start Time: March 8, 2019 19:00 UTC
>
> End Time: March 15, 2019 19:00 UTC
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> http://cabforum.org/mailman/listinfo/servercert-wg
--
Chris Kemmerer
Manager of Operations
SSL.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~ To find the reefs, look~~~~~~~~
~~~~ for the wrecks. ~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190315/67b37829/attachment-0001.html>
More information about the Servercert-wg
mailing list