[Smcwg-public] Inconsistency between 3.2.3.1 and 7.1.4.2.2 regarding the OU attribute
Adriano Santoni
adriano.santoni at staff.aruba.it
Thu Nov 2 08:54:04 UTC 2023
I believe there is an inconsistency between section 3.2.3.1 (Attribute
collection of organization identity) and section 7.1.4.2.2 (Subject
distinguished name fields).
In 3.2.3.1 it is specified that "The CA or RA SHALL collect and retain
evidence supporting the following identity attributes for the Organization"
and the list of identity attributes includes "3. An organizational unit
of the Legal Entity (if included in the Subject);"
This cannot be left written that way, IMO, because according to
§7.1.4.2.2 organizational units (properly speaking) cannot be included
in certificates.
In fact, section 7.1.4.2.2 (Subject distinguished name fields) reads
as follows regarding the organizationalUnitName attribute:
"If present, the CA SHALL confirm that the
subject:organizationalUnitName is the full legal organization name of an
Affiliate of the subject:organizationName"
So, if present, the organizationalUnitName attribute cannot really
contain the name of an organizational unit (e.g. department, division,
etc.) but only the name of an Affiliate organization, which is quite a
different thing.
To sum up, I believe that we should either remove item #3 from the list
in 3.2.3.1 or reword it to make it consistent with 7.1.4.2.2 letter c).
Do people agree?
Adriano