[cabfpub] C=GR, C=UK exceptions in BRs

Dimitris Zacharopoulos jimmy at it.auth.gr
Mon Mar 20 06:59:26 UTC 2017


On 18/3/2017 9:06 πμ, Geoff Keating wrote:
> In this discussion, I think perhaps a key point has been lost:
>
> Why is the CABforum involved in this?
>
> The CABforum does not assign country codes, nor is it responsible for defining the countryName attribute (that’s in ITU-T X.520 | ISO/IEC 9594-6).  I don’t see why the CABforum should consider itself free to change that definition and I don’t see why people should be asking it to.
>
> Even if it was permitted, would it be wise?  The CABforum is not well suited to be determining the existence or names of countries, especially in contentious cases, and there are a lot of contentious cases in this area.  An important function of the ISO 3166 Maintenance Agency is to enfold these contentious cases in careful bureaucracy and to come up with a result that, while it might not be agreed to be the correct result, or the desirable result, is at least agreed to be the result.
>

Geoff,

The CA/B Form is involved because I presented an EU legal document that 
mandates using "C=EL" and "C=UK" as exceptions to the ISO-3166, in X.509 
Certificates. Check my e-mail sent on March 17th. Just to restate the 
problem, the current BRs dictate using the two-letter country codes in 
ISO-3166-1 for the Subject Information. This creates a conflict if there 
is a case where a subject is required to use one of the other country 
identifiers, like the referenced 1505/2015 commission implementing 
decision.

These two countries have been using these identifiers for years and have 
broadly been used in legal documents and official correspondence in the 
European Union. As I am sure you are quite aware, you can't get more 
bureaucracy than the EU, so for these identifiers to be included in 
legal documents, it means that all the proper agencies have approved 
this. I presented one of possibly hundreds of documents using these 
identifiers but the one I posted is very closely related to X.509 
digital certificates.

I agree that ISO-3166-1 is a great place to start but if there are 
specific exceptions to it, like the ones specified in the 1505/2015 
decision, coming from organizations like the EU, IMHO they should be 
respected.


Dimitris.




More information about the Public mailing list