[cabf_validation] Proposed ballot - EV State Optional

Adriano Santoni adriano.santoni at staff.aruba.it
Fri Dec 16 00:10:11 MST 2016


Including StateOrProvince helps disambiguating the address of the 
certificate holder, which seems to me an important information in both 
OV and EV certificates, and there are several cases where - given just a 
country and a locality - the exact location remains uncertain because of 
homonyms.

It is true that subdivisions named "state" or "province" do not exist in 
all countries, but in most countries other subdivisions do exist (eg. 
counties, regions, departments, Länder, etc.), and I do not see why 
those cannot be specified in StateOrProvince....they should, IMO.

Adriano

Il 15/12/2016 19:53, Bruce Morton via Validation ha scritto:
>
> My concern with the list is that it will take some time to evaluate 
> and come to agreement on 249 countries. Once that is completed, then 
> we will have to maintain the list forever.
>
> I think that the CAs have been verifying Place of Business 
> appropriately, but the guidelines are just poorly worded. The result 
> is we do not know how to handle countries with no states and countries 
> that have states, but do not use them as part of the address. This 
> also means that the auditor can state that we have problems when we 
> either do not include the state field or falsely put information in 
> the state field.
>
> I would prefer that we just change the wording to as Tim put it, “if 
> it’s in the address, it’s required.” If moving forward, we see a 
> vulnerability with this method, then let’s at that time to consider 
> the other method.
>
> Thanks, Bruce.
>
> *From:* Tim Hollebeek [mailto:THollebeek at trustwave.com]
> *Sent:* Thursday, December 15, 2016 1:41 PM
> *To:* Kirk Hall <Kirk.Hall at entrustdatacard.com>; CA/Browser Forum 
> Validation WG List <validation at cabforum.org>; Bruce Morton 
> <Bruce.Morton at entrustdatacard.com>
> *Subject:* RE: Proposed ballot - EV State Optional
>
> Yes I like that even better as we can all debate the merits of each 
> case and agree on the correct handling so there is absolutely no 
> ambiguity.  Each country does tend to have subtle differences when 
> we’ve previously discussed this on the policy calls.
>
> But people don’t seem to want to do that, and if they still don’t, I 
> think “if it’s in the address, it’s required” is a reasonable low 
> effort solution to move forward.
>
> *From:*Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com]
> *Sent:* Thursday, December 15, 2016 1:35 PM
> *To:* CA/Browser Forum Validation WG List; Bruce Morton
> *Cc:* Tim Hollebeek
> *Subject:* RE: Proposed ballot - EV State Optional
>
> Another possibility is to leave state or province as required, but 
> then add:
>
> “State or province is not required for the countries listed on Appendix X”
>
> Then we add places (Taiwan, Monaco, Vatican City, Germany, United 
> Kingdom) as people bring them forward.  We could include an initial 
> list with this ballot to avoid having to prepare another ballot to add 
> places.
>
> *From:* Validation [mailto:validation-bounces at cabforum.org] *On Behalf 
> Of *Tim Hollebeek via Validation
> *Sent:* Thursday, December 15, 2016 10:26 AM
> *To:* Bruce Morton <Bruce.Morton at entrustdatacard.com 
> <mailto:Bruce.Morton at entrustdatacard.com>>; CA/Browser Forum 
> Validation WG List <validation at cabforum.org 
> <mailto:validation at cabforum.org>>
> *Cc:* Tim Hollebeek <THollebeek at trustwave.com 
> <mailto:THollebeek at trustwave.com>>
> *Subject:* Re: [cabf_validation] Proposed ballot - EV State Optional
>
> Yes, I like something along those lines.
>
> *From:*Bruce Morton [mailto:Bruce.Morton at entrustdatacard.com]
> *Sent:* Thursday, December 15, 2016 1:25 PM
> *To:* Tim Hollebeek; CA/Browser Forum Validation WG List
> *Subject:* RE: Proposed ballot - EV State Optional
>
> How about this?
>
> Required/Optional:
>
> City and country – Required;
>
> State – Required, if verified per Section 11.4.1 as part of the 
> address for the Place of Business;
>
> Street and postal code – Optional
>
> If there is no state or the state is not used as part of the address, 
> then it is not required.
>
> Bruce.
>
> *From:* Tim Hollebeek [mailto:THollebeek at trustwave.com]
> *Sent:* Thursday, December 15, 2016 10:19 AM
> *To:* CA/Browser Forum Validation WG List <validation at cabforum.org 
> <mailto:validation at cabforum.org>>
> *Cc:* Bruce Morton <Bruce.Morton at entrustdatacard.com 
> <mailto:Bruce.Morton at entrustdatacard.com>>
> *Subject:* RE: Proposed ballot - EV State Optional
>
> But City + Country is not unique in many common, important cases 
> (“Springfield, United States”), and the state is also important since 
> state laws tend to vary quite a bit in the US … I think something more 
> in the spirit of the current BRs that does a better job of tightening 
> up what “where applicable” means would be better.
>
> I don’t want to lose the requirement that US EV certificates MUST 
> include the state.
>
> -Tim
>
> *From:*Validation [mailto:validation-bounces at cabforum.org] *On Behalf 
> Of *Bruce Morton via Validation
> *Sent:* Thursday, December 15, 2016 9:28 AM
> *To:* CA/Browser Forum Validation WG List
> *Cc:* Bruce Morton
> *Subject:* [cabf_validation] Proposed ballot - EV State Optional
>
> Here is a proposed ballot per my action.
>
> Thanks, Bruce.
>
> *Background*:
>
> There is confusion on whether the state or province OID MUST be 
> included in an EV certificate. EV section 9.2.7 states in one place 
> “State or province (where applicable)” and also “City, state and 
> country – Required.”
>
> Since many countries do not have states or provinces and some that do 
> have states or provinces do not use them for their address, it is 
> proposed that inclusion of the state or province OID should be optional.
>
> *-- MOTION BEGINS --*
>
> /Current section 9.2.7 of EV Guidelines/:
>
> *Required/Optional:*City, state, and country – Required; Street and 
> postal code – Optional
>
> /Proposed section 9.2.7 of EV Guidelines:/
>
> *Required/Optional:*City and country – Required; Street, state and 
> postal code – Optional
>
> *-- MOTION ENDS -- *
>
> The review period for this ballot shall commence at 2200 UTC on XX, 
> and will close at 2200 UTC on XX. Unless the motion is withdrawn 
> during the review period, the voting period will start immediately 
> thereafter and will close at 2200 UTC on XX. Votes must be cast by 
> posting an on-list reply to this thread.
>
> A vote in favor of the motion must indicate a clear 'yes' in the 
> response. A vote against must indicate a clear 'no' in the response. A 
> vote to abstain must indicate a clear 'abstain' in the response. 
> Unclear responses will not be counted. The latest vote received from 
> any representative of a voting member before the close of the voting 
> period will be counted. Voting members are listed here: 
> https://cabforum.org/members/ 
> <https://scanmail.trustwave.com/?c=4062&d=4uLS2LctdUselJfNN_qKqhlUiQGKRBR1RnDgtqpA8A&s=5&u=https%3a%2f%2fcabforum%2eorg%2fmembers%2f> 
>
>
> In order for the motion to be adopted, two thirds or more of the votes 
> cast by members in the CA category and greater than 50% of the votes 
> cast by members in the browser category must be in favor. Quorum is 
> currently nine (9) members– at least nine members must participate in 
> the ballot, either by voting in favor, voting against, or abstaining.
>
> ------------------------------------------------------------------------
>
>
> This transmission may contain information that is privileged, 
> confidential, and/or exempt from disclosure under applicable law. If 
> you are not the intended recipient, you are hereby notified that any 
> disclosure, copying, distribution, or use of the information contained 
> herein (including any reliance thereon) is strictly prohibited. If you 
> received this transmission in error, please immediately contact the 
> sender and destroy the material in its entirety, whether in electronic 
> or hard copy format.
>
> ------------------------------------------------------------------------
>
>
> This transmission may contain information that is privileged, 
> confidential, and/or exempt from disclosure under applicable law. If 
> you are not the intended recipient, you are hereby notified that any 
> disclosure, copying, distribution, or use of the information contained 
> herein (including any reliance thereon) is strictly prohibited. If you 
> received this transmission in error, please immediately contact the 
> sender and destroy the material in its entirety, whether in electronic 
> or hard copy format.
>
> ------------------------------------------------------------------------
>
>
> This transmission may contain information that is privileged, 
> confidential, and/or exempt from disclosure under applicable law. If 
> you are not the intended recipient, you are hereby notified that any 
> disclosure, copying, distribution, or use of the information contained 
> herein (including any reliance thereon) is strictly prohibited. If you 
> received this transmission in error, please immediately contact the 
> sender and destroy the material in its entirety, whether in electronic 
> or hard copy format.
>
>
>
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation

-- 

Cordiali saluti,

Adriano Santoni
ACTALIS S.p.A.
(Aruba Group)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4025 bytes
Desc: Firma crittografica S/MIME
URL: <http://cabforum.org/pipermail/validation/attachments/20161216/0e1578e2/attachment.bin>


More information about the Validation mailing list