[Servercert-wg] [External Sender] Re: [EXTERNAL]- Subject attribute encoding order requirement (rationale for)
Adriano Santoni
adriano.santoni at staff.aruba.it
Thu Mar 21 09:05:53 UTC 2024
Thank you Jaime , but I had already checked that.
At that link I can only find the following very short exchange between
chrisbn and sleevi:
> @chrisbn chrisbn May 13, 2022
> Yes, I wonder about the order of fields not in this list.
> I understand the hierarchy to order logic, but is the order defined in
> Section 7.1.4.2 based on an existing specification, or how did we come
> to this ordering?
> @sleevi sleevi May 13, 2022
> It is based on the definitions within X.509 and X.520, given these
> fields are generally geographical in nature.
> That said, there’s definitely flexibility here to get us closer to
> consistency among CAs, which is a key point of profiling, so if there
> are changes and concerns, it’s totally appropriate to highlight.
That does not seem to clarify much, so I suppose there is more somewhere
else.
No discussion of the mailing list? No discussion in SCWG calls?
Adriano
Il 21/03/2024 09:52, Jaime Hablutzel ha scritto:
> The discussion in
> https://github.com/sleevi/cabforum-docs/pull/36#discussion_r872103477 could
> help.
>
>> On 21 Mar 2024, at 09:39, Adriano Santoni via Servercert-wg
>> <servercert-wg at cabforum.org> wrote:
>>
>> All, can anyone help me find the past email discussion, or at least
>> the rationale that someone wrote somewhere (e.g. on Github?),
>> supporting the Subject attributes encoding relative order requirement
>> that was introduced in BR 2.0.0 (Ballot SC-062) ?
>>
>> I am talking about §7.1.4.2 Subject Attribute Encoding, and
>> specifically about this language:
>>
>> "CAs that include attributes in the Certificate subject field that
>> are listed in the table below
>> SHALL encode those attributes in the relative order as they appear in
>> the table and follow the
>> specified encoding requirements for the attribute."
>>
>> I do not recall, and cannot find, a discussion on this mailing list
>> on this particular topic. Maybe I just missed a whole bunch of email
>> messages due to some otherwise undetected email problem. I also did a
>> search on Github, starting from the links provided at
>> https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-update/),
>> but was unable to figure out who proposed it and, above all, for what
>> reason.
>>
>> Adriano
>> _______________________________________________
>> Servercert-wg mailing list
>> Servercert-wg at cabforum.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_servercert-2Dwg&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=TmnUymVu4aN7JJUi7E4FNf5W7JAuYX7-j6JtyhXK9EAAxJqhk7RvTa9sOsMmibge&s=pzZ-HMcq_CggzRO87gqT5_XxYy9n5hIbsxrERd7c_so&e=
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240321/bc7f2273/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20240321/bc7f2273/attachment.p7s>
More information about the Servercert-wg
mailing list