[Servercert-wg] EV OrganizationIdentifier, CABFOrganizationIdentifier, JoI-Fields

Sandy Balzer sandy.balzer at swisssign.com
Thu Apr 4 12:10:10 UTC 2024 

Dear all,

We would like to discuss the following topic "setting some fields to optional if Organizational identifier is set":

When the attribute OrganizationIdentifier was introduced in version 1.7.0 of the EV Guidelines implementing ballot SC17 https://cabforum.org/2019/05/21/ballot-sc17-version-7-alternative-registration-numbers-for-ev-certificates/, it was also connected with the certificate extension "cabf organization identifier" in an attempt to streamline this with ETSI regulations.

An entry point for the archived discussion may be found here:
[Servercert-wg] Ballot SC17 version 7: Alternative registration numbers for EV certificates (cabforum.org)<https://archive.cabforum.org/pipermail/servercert-wg/2019-May/000770.html>

As the according ETSI standard (ETSI EN 319 412-3) still does not specify further extensions or attributes in addition to the OrganizationIdentifier and since the OrganizationIdentifier was also successfully introduced with the CABF S/MIME BR, without any further ado we put the following complexity reduction to discussion for the EV guidelines:

  *   If the OrganizationIdentifier is included in the Subject Distinguished Name of a certificate the CABFOrganizationIdentifier extension is optional only.
  *   In addition, as the OrganizationIdentifier attribute contains the register information (register ID and jurisdiction) the following attributes are redundant and thereforeoptional as well:
     *   all JurisdictionOfIncorporation fieds (i.e. JoiCountry, JoIStateOrProvince and JoILocality (These can be concluded from the value in the OrganizationIdentifer.)
     *   serialNumber (the register ID is included in the OrganizationIdentifer)

Thank you in advance for a thorough consideration.



Kind regards

Adrian Mueller, Sandy Balzer

SwissSign AG

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240404/62e04046/attachment.html>

More information about the Servercert-wg mailing list