[cabf_validation] Proposed Update to EV to include OrganisationIdentifier as per ETSI standard

[Tim Hollebeek]

I think it can be encoded in qcStatements or something similar, and I have encouraged the ETSI and qualified cert folks to consider options like that going forward.  At this point, though, that would require them changing their standards, and as we all know, that can take a while.

 

So qcStatements does not solve the problem of the existing conflict between the ETSI requirements and the BRs.  It seems like something along the lines of what Nick proposes should be acceptable, if we point to all the appropriate ETSI clauses for format and validation requirements.  As you correctly note, we don’t want unvalidated information being tossed into the field.

 

I suspect the ETSI folks are going to be far more willing to listen to us on qcStatements if we are willing to find a way to accommodate their needs on organizationIdentifiers.

 

-Tim

 

As discussed during the F2F, it seems that there's a far more viable option that's aligned with publicly trusted certificates, namely, that of aligning in the QcStatements. We spent quite some time trying to understand the rationale and necessity of encoding in the subject, as it seemed like it was based on both a misunderstanding of the value proposition and of the technical necessity.

 

I would again reiterate those concerns, to ask why this information cannot be encoded within the qcStatements.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20180611/dc1c657b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20180611/dc1c657b/attachment.p7s>