[cabf_validation] Change to EV 9.2.7

陳立群 realsky at cht.com.tw
Thu Mar 2 19:21:26 MST 2017 

Dear Jeremy,

 

    Sorry, there is typo in previous mail.  And lost some information. I correct as below:

 

So I don’t know that I have ever posted in Validation Working Group that State is not required in Taiwan about EVGL 9.2.7.  But it seems in your ballot EVGL 9.2.7, you still let State/Province be required. Did your discussion on Jan.,26  let me divide amendment of  SSL BR 7.1.4.2.2 & EVGL 9.2.5 to other two ballots? And you or Bruce propose Ballot No. 191?

 

     Note that for central government agency or company, the Naming rule of Taiwan GPKI certificate & CRL profile is somewhat different with SSL BR , so we hope Taiwan or other country will be exception.

 

Sincerely Yours,

 

              Li-Chun Chen

              Chunghwa Telecom

 

 

 

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of 陳立群 via Validation
Sent: Friday, March 03, 2017 10:09 AM
To: 'CA/Browser Forum Validation WG List'
Cc: 陳立群
Subject: [外部郵件] Re: [cabf_validation] Change to EV 9.2.7

 

Dear Mark,

 

     Is D&B records a QGIS or QTIS in EVGL?

 

     There is a QGIS set up by Department of Commerce, Ministry of Economical Affairs for Companies, Businesses and Factories. There is a QTIS for Taxpayer (Legal Person) set up by Fiscal Information Agency, Ministry of Finance in Taiwan. 

 

      I agree with you view point that “a place” of business is going to be much harder for issuers to verify as a business may have many locations that aren’t necessarily registered with entities.

 

     I suggest to let the vetting team or RA operators (RA counter) keep the audit trails for verify QGIS or QTIS or rely on a Registration Form or Change Registration Form.

 

    Because in Government CA, there may be DIT and DN rule that is somewhat different with commercial CA.

 

     (My presentation file is in https://cabforum.org/wp-content/uploads/Amendment-of-BR-7.1.4.2.2.pdf

in Redmond F2F meeting.  In Oct., 2014 I already discussed the issue in 33 F2F meeting )

 

Dear Jeremy,

 

       Because I had a cold ,sore throats and bronchial inflammation, the doctor advised me not to stay up late. I can't join Jan.26 Validation Call meeting. I had email you.

So I don’t that I have ever post in Validation Working Group that State is not required in Taiwan. But it seems in your ballot EV 9.2.7, you still let it be required. Do your discussion on Jan.,26 was that let me divide amendment of  SSL BR 7.1.4.2.2 & EVGL 9.2.5 to other two ballot?

 

Sincerely Yours,

 

              Li-Chun Chen

              Chunghwa Telecom

 

 

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Mark B. Cooper via Validation
Sent: Friday, March 03, 2017 3:29 AM
To: CA/Browser Forum Validation WG List
Cc: Mark B. Cooper
Subject: [外部郵件] Re: [cabf_validation] Change to EV 9.2.7

 

I suspect defining the place of business as being the legally registered location of the business would be a more accurate and descriptive term. This would be easier to verify in D&B records as well as other sources. “a place” of business is going to be much harder for issuers to verify as a business may have many locations that aren’t necessarily registered with entities.

 

-Mark

 

Mark B. Cooper

President & Founder

PKI Solutions Inc.

 <http://www.pkisolutions.com> www.pkisolutions.com

Telephone: +1 971 231 5523

 

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Rick Andrews via Validation
Sent: Wednesday, March 1, 2017 3:48 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Cc: Rick Andrews <Rick_Andrews at symantec.com>
Subject: Re: [cabf_validation] Change to EV 9.2.7

 

Jeremy,

 

“This field MUST contain the address of the physical location of the Subject’s Place of Business.” What does “the” mean here? Many businesses have multiple physical locations. Should it be “a” instead? Should we clarify that it doesn’t have to be the physical location of the server(s) hosting the certificate?

 

-Rick

 

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Jeremy Rowley via Validation
Sent: Wednesday, February 22, 2017 11:30 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Cc: Jeremy Rowley <jeremy.rowley at digicert.com>
Subject: Re: [cabf_validation] Change to EV 9.2.7

 

I’ve created this as ballot 191. Do we have a second endorser? 

 

Ballot 191 - Clarify Place of Business Information Field Inclusion

 

The current EV Guidelines are not clear on what address information is required in a certificate. This ballot clarifies the requirements.

 

--Motion Begins--

 

A. Modify Section 9.2.7 as follows:

 

'''9.2.7. Subject Physical Address of Place of Business Field'''

 

Certificate fields:

 

Number and street: subject:streetAddress (OID: 2.5.4.9)

 

City or town: subject:localityName (OID: 2.5.4.7) 

 

State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.4.8)

 

Country: subject:countryName (OID: 2.5.4.6)

 

Postal code: subject:postalCode (OID: 2.5.4.17)

 

Required/Optional: --(City, state, and country – Required; Street and postal code – Optional)-- __As stated in Section 7.1.4.2.2 d, e, f, g and h of the Baseline Requirements__

 

Contents: This field MUST contain the address of the physical location of the Subject’s Place of Business.

 

--Motion Ends--

 

From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Bruce Morton via Validation
Sent: Wednesday, January 25, 2017 12:51 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Cc: Bruce Morton <Bruce.Morton at entrustdatacard.com>
Subject: [cabf_validation] Change to EV 9.2.7

 

To deal with the Require/Optional requirement or the Place of Business, I propose a simple change which will make the EV Guidelines consistent with the Baseline Requirements.

 

The EV Guidelines currently state:

9.2.7. Subject Physical Address of Place of Business Field

Certificate fields:

Number and street: subject:streetAddress (OID: 2.5.4.9)

City or town: subject:localityName (OID: 2.5.4.7) 

State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.4.8)

Country: subject:countryName (OID: 2.5.4.6)

Postal code: subject:postalCode (OID: 2.5.4.17)

Required/Optional: City, state, and country – Required; Street and postal code – Optional

Contents: This field MUST contain the address of the physical location of the Subject’s Place of Business.

 

To address the Required/Optional issue, I propose the following change.

9.2.7. Subject Physical Address of Place of Business Field

Certificate fields:

Number and street: subject:streetAddress (OID: 2.5.4.9)

City or town: subject:localityName (OID: 2.5.4.7) 

State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.4.8)

Country: subject:countryName (OID: 2.5.4.6)

Postal code: subject:postalCode (OID: 2.5.4.17)

Required/Optional: As stated in Section 7.1.4.2.2 d, e, f, g and h of the Baseline Requirements

Contents: This field MUST contain the address of the physical location of the Subject’s Place of Business.

 

 

本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 

Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.

 

 



本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任. 
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170303/4c18f54e/attachment-0001.html>

More information about the Validation mailing list