[cabfpub] EV Guidelines section 9.2.5 & X.520

Rich Smith richard.smith at comodo.com
Wed Jul 13 17:26:43 UTC 2016


I don't have any concrete objection to these OIDs being maintained under 
Microsoft's hierarchy, however as memory serves they were put there 
because at the time the CA/B Forum did not have an OID hierarchy of our 
own under which to create them.  Personally I think it would be a good 
idea to duplicate these OIDs in house at this point, and over time 
deprecate the use of the ones under the Microsoft structure.  I don't 
think this is a pressing issue, and probably not even strictly 
necessary, but I do see it as a matter of good 'house-keeping'.  If 
they're under CA/B Forum control we don't need to ask someone else to 
define them, and we don't have to accept their definition if it's one we 
don't necessarily agree with.

Regards,
Rich

On 6/29/2016 11:02 AM, Erwann Abalea wrote:
> Hello,
>
> I haven't seen an authoritative definition of these 3 attributes, but 
> always considered them the way Peter described them.
>
> Maybe Microsoft should propose a clear definition, using the syntax 
> from RFC5912, something like this:
>
> id-MS-jurisdictionLocalityName OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 311 60 2 1 1 }
> id-MS-jurisdictionStateOrProvinceName OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 311 60 2 1 2 }
> id-MS-jurisdictionCountryName OBJECT IDENTIFIER ::= { 1 3 6 1 4 1 311 60 2 1 3 }
>
> at-jurisdictionCountryName ATTRIBUTE ::= {
>   TYPE PrintableString (SIZE (2))
>   IDENTIFIED BY id-MS-jurisdictionCountryName
> }
>
> at-jurisdictionStateOrProvinceName ATTRIBUTE ::= {
>   TYPE DirectoryString {ub-state-name}
>   IDENTIFIED BY id-MS-jurisdictionStateOrProvinceName
> }
>
> at-jurisdictionLocalityName ATTRIBUTE ::= {
>   TYPE DirectoryString {ub-locality-name}
>   IDENTIFIED BY id-MS-jurisdictionLocalityName
> }
>
> DirectoryString is also redefined in RFC5912 to have a size constraint.
>
> Regards,
> Erwann Abalea
>
>> On 29 June 2016, at 17:08, ??? <realsky at cht.com.tw> wrote:
>>
>> In X.520 (the attached file) or RFC 5280 
>> (https://tools.ietf.org/html/rfc5280), there are no 
>> jurisdictionLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1),
>> jurisdictionStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2), 
>> jurisdictionCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3).  You can use 
>> the search function to search the attached PDF file.
>>
>> These three OIDs are registered by Microsoft. Please see 
>> http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.60.2.1.1.html, 
>> http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.60.2.1.2.html and 
>> http://www.alvestrand.no/objectid/1.3.6.1.4.1.311.60.2.1.3.html
>>
>> Peter referenced EV GL 9.2.5 such as
>> Naming attributes of type X520LocalityName
>> id-at-localityName AttributeType ::= { id-at 7 }
>> that id is 2.5.4.
>> But Country Name (2.5.4.6), State or Province Name (2.5.4.8) and 
>> Locality Name (2.5.4.7) appear in X.520.
>>
>> Li-Chun CHEN
>>
>> -----Original Message-----
>> From: public-bounces at cabforum.org 
>> <mailto:public-bounces at cabforum.org> 
>> [mailto:public-bounces at cabforum.org] On Behalf Of Peter Bowen
>> Sent: Friday, June 17, 2016 4:52 AM
>> To: CABFPub
>> Subject: [cabfpub] EV Guidelines section 9.2.5 & X.520
>> On today's validation working group call, there was a question about 
>> how X.520 related to the attributes defined in section 9.2.5 of the 
>> EV Guidelines.
>> This section says:
>> "Locality (if required):
>> subject:jurisdictionLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1)
>> ASN.1 - X520LocalityName as specified in RFC 5280
>> State or province (if required):
>> subject:jurisdictionStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2)
>> ASN.1 - X520StateOrProvinceName as specified in RFC 5280
>> Country:
>> subject:jurisdictionCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3)
>> ASN.1 --X520countryName as specified in RFC 5280"
>> The ASN.1 definitions all reference RFC 5280 and are defined in 
>> Appendix A.  They are copied at the end of this email.  RFC 5280 also 
>> says " The DirectoryString type is defined as a choice of 
>> PrintableString, TeletexString, BMPString, UTF8String, and 
>> UniversalString.  CAs conforming to this profile MUST use either the 
>> PrintableString or UTF8String encoding of DirectoryString"
>> Taken together, this means:
>> jurisdictionCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3) must be a 
>> PrintableString with two characters which together are an "alpha 
>> 2" code defined in ISO 3166 Part 1.
>> jurisdictionStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2), if 
>> included, should be either a PrintableString or UTF8String and must 
>> contain at least 1 and not more than 128 characters.
>> jurisdictionLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1), if 
>> included, should be either a PrintableString or UTF8String and must 
>> contain at least 1 and not more than 128 characters.
>> The appropriate values for these attributes, and when one needs to 
>> include the latter two, is defined in section 9.2.5 as well.
>> Does this help clarify how these attributes work?
>> Thanks,
>> Peter
>> -- Naming attributes of type X520LocalityName
>> id-at-localityName AttributeType ::= { id-at 7 }
>> -- Naming attributes of type X520LocalityName:
>> -- X520LocalityName ::= DirectoryName (SIZE (1..ub-locality-name))
>> --
>> -- Expanded to avoid parameterized type:
>> X520LocalityName ::= CHOICE {
>> teletexString     TeletexString   (SIZE (1..ub-locality-name)),
>> printableString   PrintableString (SIZE (1..ub-locality-name)),
>> universalString   UniversalString (SIZE (1..ub-locality-name)),
>> utf8String        UTF8String      (SIZE (1..ub-locality-name)),
>> bmpString         BMPString       (SIZE (1..ub-locality-name)) }
>> -- Naming attributes of type X520StateOrProvinceName
>> id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
>> -- Naming attributes of type X520StateOrProvinceName:
>> -- X520StateOrProvinceName ::= DirectoryName (SIZE (1..ub-state-name))
>> --
>> -- Expanded to avoid parameterized type:
>> X520StateOrProvinceName ::= CHOICE {
>> teletexString     TeletexString   (SIZE (1..ub-state-name)),
>> printableString   PrintableString (SIZE (1..ub-state-name)),
>> universalString   UniversalString (SIZE (1..ub-state-name)),
>> utf8String        UTF8String      (SIZE (1..ub-state-name)),
>> bmpString         BMPString       (SIZE (1..ub-state-name)) }
>> -- Naming attributes of type X520countryName (digraph from IS 3166)
>> id-at-countryName AttributeType ::= { id-at 6 }
>> X520countryName ::=     PrintableString (SIZE (2))
>> -- Upper Bounds
>> ub-locality-name INTEGER ::= 128
>> ub-state-name INTEGER ::= 128
>> _______________________________________________
>> Public mailing list
>> Public at cabforum.org <mailto:Public at cabforum.org>
>> https://cabforum.org/mailman/listinfo/public
>>
>> <T-REC-X.520-201210-I!!PDF-E.pdf>
>
>
>

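The encoding constraints Peter Bowen derives in the quoted message (a two-character PrintableString for jurisdictionCountryName; a PrintableString or UTF8String of 1 to 128 characters for the other two) can be checked mechanically against a DER-encoded Name. The following is an added example, not part of the thread or of any CA/B Forum tooling; the function names and sample builder are constructed for illustration, and the country check tests only the shape of an alpha-2 code, not ISO 3166-1 membership.

```python
PRINTABLE, UTF8 = 0x13, 0x0C                     # ASN.1 universal string tags
PREFIX = bytes.fromhex("2b0601040182373c0201")   # DER content of 1.3.6.1.4.1.311.60.2.1
RULES = {                                        # last arc -> (name, tags, min, max chars)
    1: ("jurisdictionLocalityName", {PRINTABLE, UTF8}, 1, 128),
    2: ("jurisdictionStateOrProvinceName", {PRINTABLE, UTF8}, 1, 128),
    3: ("jurisdictionCountryName", {PRINTABLE}, 2, 2),
}

def tlvs(buf):
    """Yield (tag, value) per DER TLV; single-byte tags, definite lengths."""
    i = 0
    while i < len(buf):
        tag, length = buf[i:i + 2]               # ValueError if the header is cut short
        i += 2
        if length & 0x80:                        # long form: low bits count length octets
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated TLV")
        yield tag, buf[i:i + length]
        i += length

def lint_name(der_name):
    """Return a list of findings for the jurisdiction attributes in a DER Name."""
    findings = []
    (_, rdns), = tlvs(der_name)                  # Name ::= SEQUENCE OF RDN
    for _, rdn in tlvs(rdns):                    # RDN ::= SET OF AttributeTypeAndValue
        for _, atv in tlvs(rdn):
            (_, oid), (tag, value) = tlvs(atv)
            if oid[:-1] != PREFIX or oid[-1] not in RULES:
                continue                         # not one of the three attributes
            name, tags, lo, hi = RULES[oid[-1]]
            text = value.decode("utf-8" if tag == UTF8 else "ascii", "replace")
            if tag not in tags:
                findings.append(f"{name}: string tag 0x{tag:02x} not allowed")
            elif not lo <= len(text) <= hi:
                findings.append(f"{name}: {len(text)} chars, need {lo}..{hi}")
            elif hi == 2 and not (text.isascii() and text.isalpha() and text.isupper()):
                findings.append(f"{name}: {text!r} is not shaped like an alpha-2 code")
    return findings

def der(tag, body):                              # short-form length only (< 128 bytes)
    return bytes([tag, len(body)]) + body

def sample_name(attrs):
    """Constructed sample input: attrs is [(last_arc, string_tag, text), ...]."""
    return der(0x30, b"".join(
        der(0x31, der(0x30, der(0x06, PREFIX + bytes([arc])) + der(tag, text.encode())))
        for arc, tag, text in attrs))
```

For example, `lint_name(sample_name([(3, UTF8, "US")]))` reports the country attribute because it is encoded as a UTF8String rather than a PrintableString.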