[cabfpub] OIDs for DV and OV

Erwann Abalea erwann.abalea at opentrust.com
Thu Oct 30 07:10:04 MST 2014


Bonjour Wen-Cheng,

The political situation of Taiwan complicates the OID arcs that depend
on their recognition by UN (the 1.2.* and 2.16.* arcs).

ITU X.660 defines rules for OID registration:
- under { iso(1) member-body(2) }, there's an integer taken from
ISO3166-1 (the numeric country code), and this arc is assigned to the
ISO national body of this country
- under { joint-iso-itu-t(2) country(16) }, numeric-3 codes of ISO3166-1
are reserved and assigned to registration authorities choosen by the
country's ITU member state and ISO national body

886 has never been the ISO 3166-1 numeric code of Taiwan (this code was
attributed to Yemen).
886 is the telephone prefix code for Taiwan, that's all.

By comparison, France telephone prefix code is 33, but ISO3166-1 numeric
code for France is 250. USA telephone country code is 1 (shared with
Canada, Puerto Rico, and others), USA ISO3166-1 numeric code is 840.

Nobody is free to take whatever OID arc they find pleasant. We must all
follow rules for certificate issuance, there are also rules for the OID
space.

TWCA had the same problem for their EV OID, they were hijacking an OID
under the 2.16.158 arc, refusing to request one from the official owner
of this arc (TWRA). They were asked to request a dedicated arc under
IANA PEN (1.3.6.1.4.1.40869).

Political status of Taiwan is unfortunate, but if CABForum is willing to
adopt rules for OV/DV OIDs as it has done for EV, what you're asking for
is to import those political issues into CABForum, and to adopt a bad
behaviour that will surely become a legacy problem in the future. Since
you're not issuing EV certificates at the moment, you have no problem to
switch to a IANA PEN OID.

BTW, an official source of information for OID arcs is the
www.oid-info.com site.

-- 
Erwann ABALEA

Le 30/10/2014 12:49, ÍõÎÄÕý a ¨¦crit :
>
> Dear Erwann,
>
> Indeed there are conflicts about which OID should Taiwan use due to
> very complicated political issues.
>
> The truth is Taiwan government has already used 2.16.886 for many
> years. I do not think the CAB forum is willing to discuss political
> issues here. So why do we just leave it there unless the UN and the
> government decide to change the status.
>
> Wen-Cheng Wang
>
> *From:*public-bounces at cabforum.org
> [mailto:public-bounces at cabforum.org] *On Behalf Of *Erwann Abalea
> *Sent:* Thursday, October 30, 2014 6:53 PM
> *To:* public at cabforum.org
> *Subject:* Re: [cabfpub] OIDs for DV and OV
>
> Except that the 2.16.886 arc has never been assigned to Taiwan, so you
> cannot use it.
>
>
> -- 
> Erwann ABALEA
>  
>
> Le 29/10/2014 11:46, êÁ¢Èºa ¨¦crit :
>
>     Dear Dean,
>
>     The OV OID used by Chunghwa Telecom Co., Ltd. is
>     2.16.886.1.1.100.0.3.
>
>     We will add CA/Browser Forum OV/DV OID to our SHA-2 intermediate
>     CA and SHA-2 End Entity SSL Certificate about December. At present
>     , Chunghwa Telecom Co., Ltd. does not issue DV SSL certificate.
>
> *
>
> ±¾Ðżþ¿ÉÄÜ°üº¬ÖÐÈAëŠÐŹɷÝÓÐÏÞ¹«Ë¾™CÃÜÙYӍ,·ÇÖ¸¶¨Ö®ÊÕ¼þÕß,ÕˆÎðÉL¼¯¡¢ÌŽ
> Àí»òÀûÓñ¾ÐżþƒÈÈÝ,KÕˆ äNš§´ËÐżþ. ÈçžéÖ¸¶¨ÊÕ¼þÕß,‘ª´_Œ±£×oà]¼þÖб¾
> ¹«Ë¾Ö® I˜I™CÃܼ°‚€ÈËÙYÁÏ,²»µÃÈÎÒâ‚÷Ñ»ò½Ò¶,K‘ª×ÔÐд_ÕJ±¾à]¼þÖ®¸½™nÅc
> ³¬ßB½YÖ®°²È«ÐÔ,ÒÔ ¹²Í¬ÉƱMÙYӍ°²È«Åc‚€ÙY±£×oØŸÈÎ.
> Please be advised that this email message (including any attachments)
> contains confidential information and may be legally privileged. If
> you are not the intended recipient, please destroy this message and
> all attachments from your system and do not further collect, process,
> or use them. Chunghwa Telecom and all its subsidiaries and associated
> companies shall not be liable for the improper or incomplete
> transmission of the information contained in this email nor for any
> delay in its receipt or damage to your system. If you are the intended
> recipient, please protect the confidential and/or personal information
> contained in this email with due care. Any unauthorized use,
> disclosure or distribution of this message in whole or in part is
> strictly prohibited. Also, please self-inspect attachments and
> hyperlinks contained in this email to ensure the information security
> and to protect personal information.* 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141030/23fcb608/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 37275 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141030/23fcb608/attachment-0001.jpe 


More information about the Public mailing list