[Smcwg-public] [EXTERNAL] Re: orgID - Government entities
Paul van Brouwershaven
Paul.vanBrouwershaven at entrust.com
Tue Apr 4 09:11:55 UTC 2023
You are correct:
ISO - Glossary for ISO 3166<https://www.iso.org/glossary-for-iso-3166.html>
Subdivision codes (ISO 3166-2)
Subdivision codes – code that represents the name of a principal subdivision (e.g province or state) of countries coded in ISO 3166-1. This code is based on the two-letter code element from ISO 3166-1 followed by a separator and up to three alphanumeric characters. The characters after the separator cannot be used on their own to denote a subdivision, they must be preceded by the alpha-2 country code.
For example – ID-RI is the Riau province of Indonesia and NG-RI is the Rivers province in Nigeria.
The codes denoting the subdivision are usually obtained from national sources and stem from coding systems already in place in the country.
________________________________
From: Pedro FUENTES
Sent: Tuesday, April 04, 2023 11:07
To: Paul van Brouwershaven; SMIME Certificate Working Group
Cc: Bruce Morton; Dimitris Zacharopoulos (HARICA)
Subject: Re: [Smcwg-public] [EXTERNAL] Re: orgID - Government entities
If I’m not wrong it can be up to three alphanumeric characters
On 4 Apr 2023, at 11:02, Paul van Brouwershaven via Smcwg-public <smcwg-public at cabforum.org> wrote:
ISO 3166-1 is the country code
ISO 3166-2 is the subdivision code
S/MIME BR 7.1.4.2.2.d. Note 2 states:
“For Government Entities, the CA SHALL enter the Registration Scheme identifier ‘GOV’ followed by the 2 character ISO 3166 country code for the nation in which the Government Entity is located. If the Government Entity is verified at a subdivision (state or province) level, then a plus “+” (0x2B (ASCII), U+002B (UTF‐8)) followed by a 2 character ISO 3166‐2 identifier for the subdivision is added.”
I think it correctly states ISO 3166-2 but it incorrectly assumes that the subdivision has a length of two.
________________________________
From: Smcwg-public <smcwg-public-bounces at cabforum.org<mailto:smcwg-public-bounces at cabforum.org>> on behalf of Dimitris Zacharopoulos (HARICA) via Smcwg-public <smcwg-public at cabforum.org<mailto:smcwg-public at cabforum.org>>
Sent: Tuesday, April 4, 2023 07:37
To: Bruce Morton <Bruce.Morton at entrust.com<mailto:Bruce.Morton at entrust.com>>; SMIME Certificate Working Group <smcwg-public at cabforum.org<mailto:smcwg-public at cabforum.org>>
Subject: [EXTERNAL] Re: [Smcwg-public] orgID - Government entities
WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
It should be ISO 3166-1 for the alpha-2 character code. This was probably an oversight.
Stephen, is this something we could add to the upcoming ballot with fixes?
Thanks,
Dimitris.
On 30/3/2023 8:24 μ.μ., Bruce Morton via Smcwg-public wrote:
Sorry I missed the call yesterday.
I am hoping the QIIS item can be added to the erratum. In addition, we have the following observation.
S/MIME BR 7.1.4.2.2.d. Note 2 states, “For Government Entities, the CA SHALL enter the Registration Scheme identifier ‘GOV’ followed by the 2 character ISO 3166 country code for the nation in which the Government Entity is located. If the Government Entity is verified at a subdivision (state or province) level, then a plus “+” (0x2B (ASCII), U+002B (UTF‐8)) followed by a 2 character ISO 3166‐2 identifier for the subdivision is added.”
The wording is complicated as there are no 2 character 3166-2 identifiers as they start with the 2 character country code plus a hyphen. For California the code is US-CA, but we expect the result for the orgID to be GOVUS+CA and not GOVUS+US-CA. For Czechia, they append 2 or 3 numerals such as CZ-201. I assume we want to show GOVCZ+201 (see https://www.iso.org/obp/ui/#iso:code:3166:CZ<https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A__www.iso.org_obp_ui_-2Aiso-3Acode-3A3166-3ACZ-5F-5F-3BIw-21-21FJ-2DY8qCqXTj2-21e0mTl4p5JfttNo888kNqKGAYUo36SuEiHjGLrpS8kHZi56mAxJeRhKRClNow-5FFwG3tPs0DB9mFkeja72a6LgFMAIKNAJknQ-2D3TI-24&d=DwMFJg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=DrHgcn31QMC9OpqydjcFkmxylqBdZykIrv-fWOMbrTg&s=7bDfj9XCYc_FQF4uWdfJ7YXJZXWgZaoanOo1Gzx3tGE&e=>), but this is adding more than 2 characters.
I am not sure how to state this but I think we want these examples:
OrgID GOVUS based on ISO 3166-1 US indicator
OrgID GOVUS+CA based on ISO 3166-1 US indicator and ISO3166-2 US-CA indicator
OrgID GOV CZ+201 based on ISO 3166-1 CZ indicator and ISO3166-2 CZ-201 indicator
So could we add this to a clarification ballot and change “followed by a 2 character ISO 3166‐2 identifier for the subdivision added” to “followed by the ISO 3166-2 additional characters identified for the subdivision added”? Then provide the examples.
Thanks, Bruce.
Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org<mailto:Smcwg-public at cabforum.org>
https://lists.cabforum.org/mailman/listinfo/smcwg-public<https://urldefense.proofpoint.com/v2/url?u=https-3A__urldefense.com_v3_-5F-5Fhttps-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic-5F-5F-3B-21-21FJ-2DY8qCqXTj2-21e0mTl4p5JfttNo888kNqKGAYUo36SuEiHjGLrpS8kHZi56mAxJeRhKRClNow-5FFwG3tPs0DB9mFkeja72a6LgFMAIKNAJiOwCDkM-24&d=DwMFJg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=DrHgcn31QMC9OpqydjcFkmxylqBdZykIrv-fWOMbrTg&s=4TUw3QU0hPiVkdUfbPaEcvMfjQ_fCOVCFbOh1Fsl4ns&e=>
_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org<mailto:Smcwg-public at cabforum.org>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=DrHgcn31QMC9OpqydjcFkmxylqBdZykIrv-fWOMbrTg&s=4y63fyC0m-_FeUT9gmIGLv9ywlPHSnMlD-CJyjZQO4Q&e=
WISeKey SA
Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790
Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland
Stay connected with WISeKey<http://www.wisekey.com>
THIS IS A TRUSTED MAIL: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks
CONFIDENTIALITY: This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender
DISCLAIMER: WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230404/0ffb5e69/attachment-0001.html>
More information about the Smcwg-public
mailing list