[Smcwg-public] orgID - Government entities

Wed Apr 5 21:31:22 UTC 2023

The following edit in my erratum branch should address this observation.
Thank you Bruce for pointing it out.  A similar change will need to be made
to the EVG.

https://github.com/srdavidson/smime/commit/67ba77c6728543469683f4f8e50573d2b
61621cc

It is likely that we should add the identifiers GOV and INT which are
described in 7.1.4.2.2 (d) to the list described in Appendix A.  Thoughts?

Regards, Stephen

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Bruce
Morton via Smcwg-public
Sent: Thursday, March 30, 2023 2:25 PM
To: smcwg-public at cabforum.org
Subject: [Smcwg-public] orgID - Government entities

Sorry I missed the call yesterday.

I am hoping the QIIS item can be added to the erratum. In addition, we have
the following observation.

S/MIME BR 7.1.4.2.2.d. Note 2 states, “For Government Entities, the CA
SHALL enter the Registration Scheme identifier ‘GOV’ followed by the 2
character ISO 3166 country code for the nation in which the Government
Entity is located. If the Government Entity is verified at a subdivision
(state or province) level, then a plus “+” (0x2B (ASCII), U+002B (UTF‐8))
followed by a 2 character ISO 3166‐2 identifier for the subdivision is
added.”

The wording is complicated as there are no 2 character 3166-2 identifiers as
they start with the 2 character country code plus a hyphen. For California
the code is US-CA, but we expect the result for the orgID to be GOVUS+CA and
not GOVUS+US-CA. For Czechia, they append 2 or 3 numerals such as CZ-201. I
assume we want to show GOVCZ+201 (see
https://www.iso.org/obp/ui/#iso:code:3166:CZ
<https://url.avanan.click/v2/___https:/www.iso.org/obp/ui/%23iso:code:3166:C
Z___.YXAzOmRpZ2ljZXJ0OmE6bzpkMGM3ZmJiMWQ3OTMyZjNkNDcwNzRiMTI4Zjg2NDBiYzo2OmI
5N2Y6NjEyNjFkZDRlYWJiYTkyMjZkOTQ3ZGEyMzg2NjdlNzk2N2IwMjdkZTYwMzUyNWJiMGMyZDU
wMTE3ZDZjZWE1MzpoOkY> ), but this is adding more than 2 characters.

I am not sure how to state this but I think we want these examples:

OrgID GOVUS based on ISO 3166-1 US indicator

OrgID GOVUS+CA based on ISO 3166-1 US indicator and ISO3166-2 US-CA
indicator

OrgID GOV CZ+201 based on ISO 3166-1 CZ indicator and ISO3166-2 CZ-201
indicator

So could we add this to a clarification ballot and change “followed by a 2
character ISO 3166‐2 identifier for the subdivision added” to “followed
by the ISO 3166-2 additional characters identified for the subdivision
added”? Then provide the examples.

Thanks, Bruce.

Any email and files/attachments transmitted with it are confidential and are
intended solely for the use of the individual or entity to whom they are
addressed. If this message has been sent to you in error, you must not copy,
distribute or disclose of the information it contains. Please notify Entrust
immediately and delete the message from your system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230405/6d9600f2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5263 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230405/6d9600f2/attachment.p7s>