[cabfpub] FW: Naming rules

Kirk Hall Kirk.Hall at entrustdatacard.com
Mon Mar 6 18:03:05 UTC 2017 

Yes, I agree with your analysis, Gerv.  And one member - was it Izenpe? - already used BR 9.16.3 to make an exception to the BRs as required by Spanish law, as I recall.

I was under the impression by the many months of discussing this issue that the naming rules in Taiwan were required by law, and Chunghwa was in a bind.  If the naming rules are NOT required by law, then we don't need to discuss this any further.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Monday, March 6, 2017 2:59 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com>; CABFPub <public at cabforum.org>
Subject: Re: FW: [cabfpub] Naming rules

On 06/03/17 06:51, Kirk Hall wrote:
> Gerv – we worked on BR 9.16.3 together – the whole point was to ALLOW 
> CAs to deviate from (modify) the BRs if required by applicable law

Yes, if _required_ by applicable _law_. I may be misunderstanding the situation, but if Peter's summary is correct:

"I believe the government on Taiwan falls into the latter case.  They have a PKI which has the policy that names must be taken from an existing Directory Information Tree operated by the government.  Many of the Names in the existing DIT don’t include attributes that are required by the BRs."

...then this is not a 9.16.3 situation. There is no law anyone has quoted which requires Chunghwa Telecom to issue certificates for this PKI from publicly-trusted roots. So they can solve the "problem" either by not issuing certificates for this PKI, or by issuing them from private roots. The fact that they might _want_ to issue certificates for it from publicly-trusted roots for convenience is not in itself enough to allow them to use 9.16.3.

Let's imagine this DIT was operated by a private company. Would they then be allowed to use 9.16.3? Of course not. The fact that the government is operating it doesn't make any difference, unless there's a law which says that all Taiwanese CAs _must_ issue for it from any root the government chooses. The government doesn't get a special carve-out from the BRs for its PKIs just be virtue of being the government.

As I said, I may have misunderstood the situation, but that's how I see it at the moment.

Gerv

More information about the Public mailing list