[Servercert-wg] [External Sender] Re: [EXTERNAL]- Subject attribute encoding order requirement (rationale for)

Adriano Santoni adriano.santoni at staff.aruba.it
Thu Mar 21 09:05:53 UTC 2024


Thank you Jaime , but I had already checked that.

At that link I can only find the following very short exchange between 
chrisbn and sleevi:

> @chrisbn chrisbn May 13, 2022
> Yes, I wonder about the order of fields not in this list.
> I understand the hierarchy to order logic, but is the order defined in 
> Section 7.1.4.2 based on an existing specification, or how did we come 
> to this ordering?
> @sleevi sleevi May 13, 2022
> It is based on the definitions within X.509 and X.520, given these 
> fields are generally geographical in nature.
> That said, there’s definitely flexibility here to get us closer to 
> consistency among CAs, which is a key point of profiling, so if there 
> are changes and concerns, it’s totally appropriate to highlight.

That does not seem to clarify much, so I suppose there is more somewhere 
else.

No discussion of the mailing list? No discussion in SCWG calls?

Adriano



Il 21/03/2024 09:52, Jaime Hablutzel ha scritto:
> The discussion in 
> https://github.com/sleevi/cabforum-docs/pull/36#discussion_r872103477 could 
> help.
>
>> On 21 Mar 2024, at 09:39, Adriano Santoni via Servercert-wg 
>> <servercert-wg at cabforum.org> wrote:
>>
>> All, can anyone help me find the past email discussion, or at least 
>> the rationale that someone wrote somewhere (e.g. on Github?), 
>> supporting the Subject attributes encoding relative order requirement 
>> that was introduced in BR 2.0.0 (Ballot SC-062) ?
>>
>> I am talking about §7.1.4.2 Subject Attribute Encoding, and 
>> specifically about this language:
>>
>> "CAs that include attributes in the Certificate subject field that 
>> are listed in the table below
>> SHALL encode those attributes in the relative order as they appear in 
>> the table and follow the
>> specified encoding requirements for the attribute."
>>
>> I do not recall, and cannot find, a discussion on this mailing list 
>> on this particular topic. Maybe I just missed a whole bunch of email 
>> messages due to some otherwise undetected email problem. I also did a 
>> search on Github, starting from the links provided at 
>> https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-update/), 
>> but was unable to figure out who proposed it and, above all, for what 
>> reason.
>>
>> Adriano
>> _______________________________________________
>> Servercert-wg mailing list
>> Servercert-wg at cabforum.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_servercert-2Dwg&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=TmnUymVu4aN7JJUi7E4FNf5W7JAuYX7-j6JtyhXK9EAAxJqhk7RvTa9sOsMmibge&s=pzZ-HMcq_CggzRO87gqT5_XxYy9n5hIbsxrERd7c_so&e=
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240321/bc7f2273/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240321/bc7f2273/attachment.p7s>


More information about the Servercert-wg mailing list