[Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs

Corey Bonnell Corey.Bonnell at digicert.com
Fri Aug 5 13:20:45 UTC 2022


I agree there needs to disambiguating information contained within the certificate for these cases. However, mandating the use of the physical location attributes for this specific case would make the certificate profile more complex.

 

As an alternative approach, I suggest we define one or more orgID registration schemes and use the orgId attribute to convey the jurisdiction information. A few examples:

 

*	A Government Entity located in Japan would have an orgID of “GOVJP”
*	A Government Entity located in California, United States would have an orgID of “GOVUS+CA”

 

This will provide greater consistency in the certificate profile between those organizations which have registration numbers and those that do not.

 

Thanks,

Corey

 

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Adriano Santoni via Smcwg-public
Sent: Friday, August 5, 2022 3:04 AM
To: smcwg-public at cabforum.org
Subject: Re: [Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs

 

I totally agree with Martijn Katerbarg.

Adriano

ACTALIS S.p.A.

 

Il 05/08/2022 09:02, Martijn Katerbarg via Smcwg-public ha scritto:

Should we at least subject:countryName to be present in these specific cases? 

 

Otherwise, we could end up having certificates with a subject looking like this (OV):

 

subject:organizationName: Ministry of Finance

 

This leaves no way of telling for which country and entity this is. Possibly the email address tld could tell someone, but that shouldn’t be relied upon.

I’ve done a comparison with EV certificates. There are currently EV certificates out there with O=Ministry of Finance and SN=Government Entity, spanning 12 different country codes.

 

 

From: Smcwg-public  <mailto:smcwg-public-bounces at cabforum.org> <smcwg-public-bounces at cabforum.org> On Behalf Of Stephen Davidson via Smcwg-public
Sent: Thursday, 4 August 2022 16:49
To: smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> 
Subject: [Smcwg-public] OrganizationIdentifier for Gov and Treaty Orgs

 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 

Hello:

 

In recent calls the group discussed that some Government and International Organization entities may not have identifiers.

It was agreed to adopt a similar workaround to that provided in the EV Guidelines.

I have added text implementing that change as seen at https://github.com/cabforum/smime/pull/158/files <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fsmime%2Fpull%2F158%2Ffiles&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7C0f411c93c7404dfc94a008da76288a32%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637952213783726589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MZM2OTOjk5dUNo52UbgMZKk%2B5OSnE5l9SZvf7L0tYi8%3D&reserved=0> 

 

Regards, Stephen

 

 

Stephen Davidson 

Governance, Risk & Compliance
stephen.davidson at digicert.com <mailto:stephen.davidson at digicert.com> 

O 1.441.278.2803 | M 1.441.505.4908



 





_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org> 
https://lists.cabforum.org/mailman/listinfo/smcwg-public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220805/5bb4735c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4581 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220805/5bb4735c/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220805/5bb4735c/attachment-0001.p7s>


More information about the Smcwg-public mailing list