[cabf_validation] Given Name and Surname
Richard Wang
richard at wosign.com
Wed May 25 02:24:36 MST 2016
Thanks.
WoSign would like to endorse this ballot.
Regards,
Richard
From: validation-bounces at cabforum.org [mailto:validation-bounces at cabforum.org] On Behalf Of Jeremy Rowley
Sent: Wednesday, May 25, 2016 5:08 PM
To: validation (validation at cabforum.org) <validation at cabforum.org>
Subject: [cabf_validation] Given Name and Surname
Over the past year, we've discussed a few times the lack of support for givenName and surname in the BRs.
Here's a rough ballot proposal to add support:
Insert a new (C) under 7.1.4.2.2, renumbering all subsequent bullets.
c. Certificate Field: subject:givenName (2.5.4.42) and subject:surname (2.5.4.4)
Optional.
Contents: If present, the subject:givenName field and subject:surname field MUST contain a natural person Subject's name as verified under Section 3.2.3.
d. Certificate Field: Number and street: subject:streetAddress (OID: 2.5.4.9)
Optional if the subject:organizationName field or subject:surname field are is present. Prohibited if the subject:organizationName field and subject:surname field are is absent.
Contents: If present, the subject:streetAddress field MUST contain the Subject's street address information as verified under Section 3.2.2.1.
e. Certificate Field: subject:localityName (OID: 2.5.4.7)
Required if the subject:organizationName field or subject:surname field are is present and the subject:stateOrProvinceName field is absent. Optional if the subject:stateOrProvinceName field and either the subject:organizationName field or subject:surname field are present. Prohibited if the subject:organizationName field and subject:surname field are is absent.
Contents: If present, the subject:localityName field MUST contain the Subject's locality information as verified under Section 3.2.2.1. If the subject:countryName field specifies the ISO 3166-1 user-assigned code of XX in accordance with Section 7.1.4.2.2(g), the localityName field MAY contain the Subject's locality and/or state or province information as verified under Section 3.2.2.1.
f. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)
Required if the subject:organizationName field or subject:surname field are is present and the subject:localityName field is absent. Optional if the subject:localityName field and either the subject:organizationName field or subject:surname field are present. Prohibited if the subject:organizationName field or subject:surname field are is absent.
Contents: If present, the subject:stateOrProvinceName field MUST contain the Subject's state or province information as verified under Section 3.2.2.1. If the subject:countryName field specifies the ISO 3166-1 user-assigned code of XX in accordance with Section 7.1.4.2.2(g), the subject:stateOrProvinceName field MAY contain the full name of the Subject's country information as verified under Section 3.2.2.1.
g. Certificate Field: subject:postalCode (OID: 2.5.4.17)
Optional if the subject:organizationName or subject:surname fields are is present. Prohibited if the subject:organizationName field or subject:surname field are is absent.
Contents: If present, the subject:postalCode field MUST contain the Subject's zip or postal information as verified under Section 3.2.2.1.
h. Certificate Field: subject:countryName (OID: 2.5.4.6)
Required if the subject:organizationName field or subject:surname field is present. Optional if the subject:organizationName field and or subject:surname field are is absent.
Contents: If the subject:organizationName field is present, the subject:countryName MUST contain the two-letter ISO 3166-1 country code associated with the location of the Subject verified under Section 3.2.2.1. If the subject:organizationName and subject:surname field are is absent, the subject:countryName field MAY contain the two-letter ISO 3166-1 country code associated with the Subject as verified in accordance with Section 3.2.2.3. If a Country is not represented by an official ISO 3166-1 country code, the CA MAY specify the ISO 3166-1 user-assigned code of XX indicating that an official ISO 3166-1 alpha-2 code has not been assigned.
i. Certificate Field: subject:organizationalUnitName
Optional.
Contents: The CA SHALL implement a process that prevents an OU attribute from including a name, DBA, tradename, trademark, address, location, or other text that refers to a specific natural person or Legal Entity unless the CA has verified this information in accordance with Section 3.2 and the Certificate also contains subject:organizationName, subject:surname, subject:localityName, and subject:countryName attributes, also verified in accordance with Section 3.2.2.1.
7.1.6.1
…
If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it MUST NOT include organizationName, givenName, surname, streetAddress, localityName, stateOrProvinceName, or postalCode in the Subject field.
…
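The presence rules in the draft above, written as a small Subject linter. This is an added example, not part of the original message or of any CA/Browser Forum tooling; it takes the Subject as a plain dict with constructed sample values, and it assumes that the conditions hinge on "organizationName or surname present" and that the address fields are prohibited only when both are absent.

```python
# Added example: lint a certificate Subject against the draft rules quoted above.
DV_POLICY = "2.23.140.1.2.1"  # policy identifier named in the 7.1.6.1 text
ADDRESS = ("streetAddress", "localityName", "stateOrProvinceName", "postalCode")
DV_FORBIDDEN = ("organizationName", "givenName", "surname") + ADDRESS


def lint_subject(subject, policies=()):
    """Return sorted findings for a Subject given as {attribute name: value}."""
    def has(name):
        return bool(subject.get(name))

    findings = []
    # Assumption: identity is asserted when organizationName OR surname is present.
    identity = has("organizationName") or has("surname")

    if identity:
        # countryName is required, plus at least one of locality / state.
        if not has("countryName"):
            findings.append("countryName required")
        if not (has("localityName") or has("stateOrProvinceName")):
            findings.append("localityName or stateOrProvinceName required")
    else:
        # Assumption: address fields are prohibited only when both are absent.
        findings += [f"{a} prohibited without organizationName or surname"
                     for a in ADDRESS if has(a)]

    # 7.1.6.1 as proposed: no identity or address fields under the DV policy.
    if DV_POLICY in policies:
        findings += [f"{a} not allowed with policy {DV_POLICY}"
                     for a in DV_FORBIDDEN if has(a)]
    return sorted(findings)


# Constructed sample Subjects (not taken from real certificates).
SAMPLES = {
    "individual_ok": ({"givenName": "Alice", "surname": "Example",
                       "localityName": "Springfield", "countryName": "US"}, ()),
    "individual_no_location": ({"givenName": "Alice", "surname": "Example",
                                "countryName": "US"}, ()),
    "dv_with_name": ({"commonName": "example.com", "surname": "Example",
                      "stateOrProvinceName": "Ohio", "countryName": "US"},
                     (DV_POLICY,)),
    "address_only": ({"commonName": "example.com", "postalCode": "00000"}, ()),
}

if __name__ == "__main__":
    for name, (subject, policies) in SAMPLES.items():
        print(name, lint_subject(subject, policies) or "ok")
```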