[Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs

Tue Aug 9 11:10:27 UTC 2022

We use “XG” to denote a Registration Scheme that is employed globally. Perhaps we can co-opt that for International Orgs.

From: Tim Hollebeek <tim.hollebeek at digicert.com> 
Sent: Friday, August 5, 2022 11:27 AM
To: Corey Bonnell <Corey.Bonnell at digicert.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>; Adriano Santoni <adriano.santoni at staff.aruba.it>
Subject: RE: [Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs

This is an interesting idea, and I like the fact that the disambiguation information is in a defined format and in a place that’s consistent with how we handle “normal” organizations, but how would it be extended to work for international organizations?  Just use something like “INTORG” for them?  Or do we require naming of at least one valid jurisdictions (the requirements require two, so one is always available), like “INTORG+US”?  Do we care that NORAD could be encoded as “INTORG+CA” as well, violating encoding uniqueness?  Do we go for “INTORG+US,CA” (probably not, the orgIDs are complicated enough already).

I think just “INTORG” is probably fine, as hopefully names of international organizations are more likely to be globally unique, unlike things like “Ministry of Finance” which is likely to exist in many countries and needs disambiguation.

-Tim

From: Smcwg-public <smcwg-public-bounces at cabforum.org <mailto:smcwg-public-bounces at cabforum.org> > On Behalf Of Corey Bonnell via Smcwg-public
Sent: Friday, August 5, 2022 9:21 AM
To: Adriano Santoni <adriano.santoni at staff.aruba.it <mailto:adriano.santoni at staff.aruba.it> >; SMIME Certificate Working Group <smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> >
Subject: Re: [Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs

I agree there needs to disambiguating information contained within the certificate for these cases. However, mandating the use of the physical location attributes for this specific case would make the certificate profile more complex.

As an alternative approach, I suggest we define one or more orgID registration schemes and use the orgId attribute to convey the jurisdiction information. A few examples:

*	A Government Entity located in Japan would have an orgID of “GOVJP”
*	A Government Entity located in California, United States would have an orgID of “GOVUS+CA”

This will provide greater consistency in the certificate profile between those organizations which have registration numbers and those that do not.

Thanks,

Corey

From: Smcwg-public <smcwg-public-bounces at cabforum.org <mailto:smcwg-public-bounces at cabforum.org> > On Behalf Of Adriano Santoni via Smcwg-public
Sent: Friday, August 5, 2022 3:04 AM
To: smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> 
Subject: Re: [Smcwg-public] [External Sender] Re: OrganizationIdentifier for Gov and Treaty Orgs

I totally agree with Martijn Katerbarg.

Adriano

ACTALIS S.p.A.

Il 05/08/2022 09:02, Martijn Katerbarg via Smcwg-public ha scritto:

Should we at least subject:countryName to be present in these specific cases? 

Otherwise, we could end up having certificates with a subject looking like this (OV):

subject:organizationName: Ministry of Finance

This leaves no way of telling for which country and entity this is. Possibly the email address tld could tell someone, but that shouldn’t be relied upon.

I’ve done a comparison with EV certificates. There are currently EV certificates out there with O=Ministry of Finance and SN=Government Entity, spanning 12 different country codes.

From: Smcwg-public  <mailto:smcwg-public-bounces at cabforum.org> <smcwg-public-bounces at cabforum.org> On Behalf Of Stephen Davidson via Smcwg-public
Sent: Thursday, 4 August 2022 16:49
To: smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> 
Subject: [Smcwg-public] OrganizationIdentifier for Gov and Treaty Orgs

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hello:

In recent calls the group discussed that some Government and International Organization entities may not have identifiers.

It was agreed to adopt a similar workaround to that provided in the EV Guidelines.

I have added text implementing that change as seen at https://github.com/cabforum/smime/pull/158/files <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fcabforum%2Fsmime%2Fpull%2F158%2Ffiles&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7C0f411c93c7404dfc94a008da76288a32%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C637952213783726589%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=MZM2OTOjk5dUNo52UbgMZKk%2B5OSnE5l9SZvf7L0tYi8%3D&reserved=0> 

Regards, Stephen

Stephen Davidson 

Governance, Risk & Compliance
stephen.davidson at digicert.com <mailto:stephen.davidson at digicert.com> 

O 1.441.278.2803 | M 1.441.505.4908

_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org> 
https://lists.cabforum.org/mailman/listinfo/smcwg-public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220809/08619f9b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4581 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220809/08619f9b/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220809/08619f9b/attachment-0001.p7s>