[cabf_validation] Deprecating and prohibiting `subject:organizationName`

Paul van Brouwershaven Paul.vanBrouwershaven at entrust.com
Tue May 25 13:47:23 UTC 2021


Entrust is proposing this change to deprecate and finally prohibit the `subject:organizationName` as a follow-up to our previous proposal that failed to gain consensus on the way to improve the validation. Ben Wilson from Mozilla and Chema Lopez from Firmaprofesional have indicated to endorse this proposal to deprecation and finally prohibit the OU.

Before we submit the ballot, we would like to know if the members of the validation working group are fine with the definition 'documented case-by-case exception' that is required in this proposal and expects the CA to create or collect documentation on why this exception was required.

i. __Certificate Field:__ `subject:organizationalUnitName` (OID: 2.5.4.11)
   __Required/Optional:__ __Optional__.
   __Required/Optional:__
   __Prohibited__ if the `subject:organizationName` is absent.
   __Prohibited__ after May 31, 2022 but allowed as a documented case-by-case exception until and including May 31, 2024.
   __Deprecated__ discouraged until prohibited.

Comparing cabforum:main...vanbroup:oudeprecation · cabforum/servercert (github.com)<https://github.com/cabforum/servercert/compare/main...vanbroup:oudeprecation>

Thanks,

Paul

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20210525/4132fbd8/attachment.html>


More information about the Validation mailing list