[cabfpub] OIDs for DV and OV

Erwann Abalea erwann.abalea at opentrust.com
Thu Oct 30 12:55:53 MST 2014


Bonjour Wen-Cheng,

Le 30/10/2014 18:58, ÍõÎÄÕý a ¨¦crit :
>
> Dear Erwann,
>
> I really don't want to waste mailing list bandwidth to discuss
> political issues here. However, there are some statements you wrote in
> your last reply need to be corrected.
>

I don't think it's a waste. CABForum already had to discuss about
country codes for non UN approved countries, such as Kosovo. I see the
present discussion as an extension of this previous one.

> 1. Regarding the www.oid-info.com site, it is clearly stated on its
> homepage that 'this OID repository is not an official registration
> authority for OIDs'.
>

That's right. www.oid-info.com is NOT a registration authority, in the
sense that this site does not allocate OID arcs to entities.
www.oid-info.com is the OID repository maintained by ITU-T SG17, which
is also the official registration authority of the 2.16 arc. If you get
the X.660 recommendation (freely downloadable from
http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=11336), you'll see
they provide this website as an information service about OIDs.

> 2. The Taiwan country OID arcs should belong to Taiwan government.
> Speaking of OID hijack, the Taiwan OID arcs were orginally hijacked by
> Raymond Lee since 1998. Raymond Lee is actually a Hong Kong citizen
> and Taiwan government never nominated him as the registration
> authority of Taiwan OID arcs. Raymon Lee put some malicious
> description on the web pages of Taiwan OID arcs on purpose. Several
> years ago, Taiwan government had ever ask Raymond Lee to return back
> the Taiwan OID arcs, but Raymond Lee ask Taiwan government to pay him
> a lot of money if they want to take back the Taiwan OID arcs. Taiwan
> government of course refused the extort and sent an offical letter to
> ask the operator of the www.oid-info.com site to cancel Raymond Lee
> right as registration authority of Taiwan OID arcs. Unfortunately, the
> operator of the www.oid-info.com site did not take any action. Now,
> the Taiwan OID arcs on the www.oid-info.com site are hijacked again by
> the Taiwan Registration and Certification Authority Inc. (your
> so-called TWRA). As far as I know, Taiwan government never nominated
> TWRA as the registration authority of Taiwan OID arcs. I can not even
> found company registration information of Taiwan Registration and
> Certification Authority Inc. in Taiwan.
>
> I really don't know what is going on with the www.oid-info.com site.
> Why do they allow Taiwan country OID arcs be hijacked and ignore
> Taiwan government's request to take back the country OID arcs?
>
> My dear Erwann, if you know which person of the www.oid-info.com site
> the Taiwan government should contact, please kindly let me know. I am
> sure Taiwan government will be glad to send an offical letter to that
> right person to take back the country OID arcs.
>

Official Taiwan OID arc is 2.16.158.
The exact procedure to get control of the 2.16.158 arc is described in
X.660. There's no money to be exchanged with Raymond Lee.
It requires the joint decision of Taiwan's ITU Member State and Taiwan's
ISO Member Body, and this decision has to be sent to ITU-T SG17 and
ISO/IEC JTC 1/SC6.

ITU Member States and ISO Member Bodies are listed here:
-
http://www.itu.int/online/mm/scripts/mm.list?_search=ITUstates&_languageid=1&_foto=y
- http://www.iso.org/iso/about/iso_members.htm
Unfortunately, Taiwan appears nowhere in these lists. Your government
MUST start here.

I already contacted the SG17 OID project leader and oid-info.com
maintainer (same person, Olivier Dubuisson) about this problem 2 years
ago, and his answer was that the request must officially go the ITU way.

I agree this is unsatisfactory, unfortunate, unfair, un-whatever, but
IANA PEN is a perfect source to get your own OID arc, until Taiwan
government does its job.
For now, 2.16.158, 2.16.886, 1.2.158 and 1.2.886 cannot be used as OID
prefixes.

> Wen-Cheng Wang
> ------------------------------------------------------------------------
> *¼Ä¼þÕß:* Erwann Abalea [erwann.abalea at opentrust.com]
> *¼Ä¼þÈÕÆÚ:* 2014Äê10ÔÂ30ÈÕ ÏÂÎç 10:10
> *ÊÕ¼þÕß:* ÍõÎÄÕý; public at cabforum.org
> *Ö÷Ö¼:* Re: [cabfpub] OIDs for DV and OV
>
> Bonjour Wen-Cheng,
>
> The political situation of Taiwan complicates the OID arcs that depend
> on their recognition by UN (the 1.2.* and 2.16.* arcs).
>
> ITU X.660 defines rules for OID registration:
> - under { iso(1) member-body(2) }, there's an integer taken from
> ISO3166-1 (the numeric country code), and this arc is assigned to the
> ISO national body of this country
> - under { joint-iso-itu-t(2) country(16) }, numeric-3 codes of
> ISO3166-1 are reserved and assigned to registration authorities
> choosen by the country's ITU member state and ISO national body
>
> 886 has never been the ISO 3166-1 numeric code of Taiwan (this code
> was attributed to Yemen).
> 886 is the telephone prefix code for Taiwan, that's all.
>
> By comparison, France telephone prefix code is 33, but ISO3166-1
> numeric code for France is 250. USA telephone country code is 1
> (shared with Canada, Puerto Rico, and others), USA ISO3166-1 numeric
> code is 840.
>
> Nobody is free to take whatever OID arc they find pleasant. We must
> all follow rules for certificate issuance, there are also rules for
> the OID space.
>
> TWCA had the same problem for their EV OID, they were hijacking an OID
> under the 2.16.158 arc, refusing to request one from the official
> owner of this arc (TWRA). They were asked to request a dedicated arc
> under IANA PEN (1.3.6.1.4.1.40869).
>
> Political status of Taiwan is unfortunate, but if CABForum is willing
> to adopt rules for OV/DV OIDs as it has done for EV, what you're
> asking for is to import those political issues into CABForum, and to
> adopt a bad behaviour that will surely become a legacy problem in the
> future. Since you're not issuing EV certificates at the moment, you
> have no problem to switch to a IANA PEN OID.
>
> BTW, an official source of information for OID arcs is the
> www.oid-info.com site.
>
> -- 
> Erwann ABALEA
>
> Le 30/10/2014 12:49, ÍõÎÄÕý a ¨¦crit :
>>
>> Dear Erwann,
>>
>> Indeed there are conflicts about which OID should Taiwan use due to
>> very complicated political issues.
>>
>> The truth is Taiwan government has already used 2.16.886 for many
>> years. I do not think the CAB forum is willing to discuss political
>> issues here. So why do we just leave it there unless the UN and the
>> government decide to change the status.
>>
>> Wen-Cheng Wang
>>
>> *From:*public-bounces at cabforum.org
>> [mailto:public-bounces at cabforum.org] *On Behalf Of *Erwann Abalea
>> *Sent:* Thursday, October 30, 2014 6:53 PM
>> *To:* public at cabforum.org
>> *Subject:* Re: [cabfpub] OIDs for DV and OV
>>
>> Except that the 2.16.886 arc has never been assigned to Taiwan, so
>> you cannot use it.
>>
>>
>> -- 
>> Erwann ABALEA
>>  
>>
>> Le 29/10/2014 11:46, êÁ¢Èºa ¨¦crit :
>>
>>     Dear Dean,
>>
>>     The OV OID used by Chunghwa Telecom Co., Ltd. is
>>     2.16.886.1.1.100.0.3.
>>
>>     We will add CA/Browser Forum OV/DV OID to our SHA-2 intermediate
>>     CA and SHA-2 End Entity SSL Certificate about December. At
>>     present , Chunghwa Telecom Co., Ltd. does not issue DV SSL
>>     certificate.
>>
>> *
>>
>> ±¾Ðżþ¿ÉÄÜ°üº¬ÖÐÈAëŠÐŹɷÝÓÐÏÞ¹«Ë¾™CÃÜÙYӍ,·ÇÖ¸¶¨Ö®ÊÕ¼þÕß,ÕˆÎðÉL¼¯¡¢
>> ÌŽÀí»òÀûÓñ¾ÐÅ ¼þƒÈÈÝ,KÕˆ äNš§´ËÐżþ. ÈçžéÖ¸¶¨ÊÕ¼þÕß,‘ª´_Œ±£×oà]¼þ
>> Öб¾¹«Ë¾Ö® I˜I™CÃܼ°‚€ÈËÙYÁÏ,²»µÃÈÎÒâ‚÷Ñ»ò½Ò¶,K‘ª×ÔÐд_ÕJ±¾à]¼þÖ®
>> ¸½™nÅc³¬ßB½YÖ®°²È«ÐÔ,ÒÔ ¹²Í¬ÉƱMÙYӍ°²È«Åc‚€ÙY±£×oØŸÈÎ.
>> Please be advised that this email message (including any attachments)
>> contains confidential information and may be legally privileged. If
>> you are not the intended recipient, please destroy this message and
>> all attachments from your system and do not further collect, process,
>> or use them. Chunghwa Telecom and all its subsidiaries and associated
>> companies shall not be liable for the improper or incomplete
>> transmission of the information contained in this email nor for any
>> delay in its receipt or damage to your system. If you are the
>> intended recipient, please protect the confidential and/or personal
>> information contained in this email with due care. Any unauthorized
>> use, disclosure or distribution of this message in whole or in part
>> is strictly prohibited. Also, please self-inspect attachments and
>> hyperlinks contained in this email to ensure the information security
>> and to protect personal information.* 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/public/attachments/20141030/8e7d28bb/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 37275 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20141030/8e7d28bb/attachment-0001.jpe 


More information about the Public mailing list