[Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs
Tim Hollebeek
tim.hollebeek at digicert.com
Fri Aug 5 15:26:36 UTC 2022
This is an interesting idea, and I like the fact that the disambiguation information is in a defined format and in a place that’s consistent with how we handle “normal” organizations, but how would it be extended to work for international organizations? Just use something like “INTORG” for them? Or do we require naming of at least one valid jurisdiction (the requirements require two, so one is always available), like “INTORG+US”? Do we care that NORAD could be encoded as “INTORG+CA” as well, violating encoding uniqueness? Do we go for “INTORG+US,CA” (probably not, the orgIDs are complicated enough already).
I think just “INTORG” is probably fine, as hopefully names of international organizations are more likely to be globally unique, unlike things like “Ministry of Finance” which is likely to exist in many countries and needs disambiguation.
-Tim
From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Corey Bonnell via Smcwg-public
Sent: Friday, August 5, 2022 9:21 AM
To: Adriano Santoni <adriano.santoni at staff.aruba.it>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: Re: [Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs
I agree there needs to be disambiguating information contained within the certificate for these cases. However, mandating the use of the physical location attributes for this specific case would make the certificate profile more complex.
As an alternative approach, I suggest we define one or more orgID registration schemes and use the orgId attribute to convey the jurisdiction information. A few examples:
* A Government Entity located in Japan would have an orgID of “GOVJP”
* A Government Entity located in California, United States would have an orgID of “GOVUS+CA”
This will provide greater consistency in the certificate profile between those organizations which have registration numbers and those that do not.
Thanks,
Corey
From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Adriano Santoni via Smcwg-public
Sent: Friday, August 5, 2022 3:04 AM
To: smcwg-public at cabforum.org
Subject: Re: [Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs
I totally agree with Martijn Katerbarg.
Adriano
ACTALIS S.p.A.
On 05/08/2022 09:02, Martijn Katerbarg via Smcwg-public wrote:
Should we at least require subject:countryName to be present in these specific cases?
Otherwise, we could end up having certificates with a subject looking like this (OV):
subject:organizationName: Ministry of Finance
This leaves no way of telling for which country and entity this is. Possibly the email address tld could tell someone, but that shouldn’t be relied upon.
I’ve done a comparison with EV certificates. There are currently EV certificates out there with O=Ministry of Finance and SN=Government Entity, spanning 12 different country codes.
From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Stephen Davidson via Smcwg-public
Sent: Thursday, 4 August 2022 16:49
To: smcwg-public at cabforum.org
Subject: [Smcwg-public] OrganizationIdentifier for Gov and Treaty Orgs
Hello:
In recent calls the group discussed that some Government and International Organization entities may not have identifiers.
It was agreed to adopt a similar workaround to that provided in the EV Guidelines.
I have added text implementing that change as seen at https://github.com/cabforum/smime/pull/158/files
Regards, Stephen
Stephen Davidson
Governance, Risk & Compliance
stephen.davidson at digicert.com
O 1.441.278.2803 | M 1.441.505.4908