[Smcwg-public] orgID - Government entities

Tue Apr 4 16:47:53 UTC 2023

Thank you for raising this.  We will discuss at the next meeting.

This text was adapted from the EVG so whatever we fix here will need to be fixed there as well.

Regards, Stephen

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Smcwg-public
Sent: Tuesday, April 4, 2023 2:38 AM
To: Bruce Morton <bruce.morton at entrust.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: Re: [Smcwg-public] orgID - Government entities

It should be ISO 3166-1 for the alpha-2 character code. This was probably an oversight.

Stephen, is this something we could add to the upcoming ballot with fixes?

Thanks,
Dimitris.

On 30/3/2023 8:24 μ.μ., Bruce Morton via Smcwg-public wrote:

Sorry I missed the call yesterday.

I am hoping the QIIS item can be added to the erratum. In addition, we have the following observation.

S/MIME BR 7.1.4.2.2.d. Note 2 states, “For Government Entities, the CA SHALL enter the Registration Scheme identifier ‘GOV’ followed by the 2 character ISO 3166 country code for the nation in which the Government Entity is located. If the Government Entity is verified at a subdivision (state or province) level, then a plus “+” (0x2B (ASCII), U+002B (UTF‐8)) followed by a 2 character ISO 3166‐2 identifier for the subdivision is added.”

The wording is complicated as there are no 2 character 3166-2 identifiers as they start with the 2 character country code plus a hyphen. For California the code is US-CA, but we expect the result for the orgID to be GOVUS+CA and not GOVUS+US-CA. For Czechia, they append 2 or 3 numerals such as CZ-201. I assume we want to show GOVCZ+201 (see https://url.avanan.click/v2/___https://www.iso.org/obp/ui/%23iso:code:3166:CZ___.YXAzOmRpZ2ljZXJ0OmE6bzozOGI4ZTlkYzFjN2E0ODAxNjY2NjQ3NDRmN2MzMTA5NDo2Ojk5M2U6N2QyMGFmMzE2NWM1NWNhMGM3OGEzNjE3NDQ1ZDExZGQzYmNkZTUxYmJlMWNjYmI3ZDNmMjNkYzg4MTZiYjVjMDp0OkY <https://url.avanan.click/v2/___https:/www.iso.org/obp/ui/%23iso:code:3166:CZ___.YXAzOmRpZ2ljZXJ0OmE6bzozOGI4ZTlkYzFjN2E0ODAxNjY2NjQ3NDRmN2MzMTA5NDo2OjRiNGM6YzkzYjUzNDlkZTEwM2RmMjkwMjFhNjVmYWE1ZTE3ZmRiYTNiZWIyNDVkMWIzNmY5NThjMTI3NDM2ZWU4OGFmMjpoOkY> ), but this is adding more than 2 characters. 

I am not sure how to state this but I think we want these examples:

OrgID GOVUS based on ISO 3166-1 US indicator

OrgID GOVUS+CA based on ISO 3166-1 US indicator and ISO3166-2 US-CA indicator

OrgID GOV CZ+201 based on ISO 3166-1 CZ indicator and ISO3166-2 CZ-201 indicator

So could we add this to a clarification ballot and change “followed by a 2 character ISO 3166‐2 identifier for the subdivision added” to “followed by the ISO 3166-2 additional characters identified for the subdivision added”? Then provide the examples.

Thanks, Bruce.

Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system. 

_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org> 
https://lists.cabforum.org/mailman/listinfo/smcwg-public <https://url.avanan.click/v2/___https:/lists.cabforum.org/mailman/listinfo/smcwg-public___.YXAzOmRpZ2ljZXJ0OmE6bzozOGI4ZTlkYzFjN2E0ODAxNjY2NjQ3NDRmN2MzMTA5NDo2Ojg5N2E6MTE1MGQwMTQ1MGRlNmMwMzUzYzdiNGM4MDQ2ZmQyNTc3ZDNiNmZhOGZlNmU1YjJhNDAxNmNlYTcwMDQ2NDBmYzpoOkY> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230404/78fcf3e5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5263 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230404/78fcf3e5/attachment.p7s>