[cabfpub] C=GR, C=UK exceptions in BRs
Dimitris Zacharopoulos
jimmy at it.auth.gr
Mon Mar 20 06:59:26 UTC 2017
On 18/3/2017 9:06 πμ, Geoff Keating wrote:
> In this discussion, I think perhaps a key point has been lost:
>
> Why is the CABforum involved in this?
>
> The CABforum does not assign country codes, nor is it responsible for defining the countryName attribute (that’s in ITU-T X.520 | ISO/IEC 9594-6). I don’t see why the CABforum should consider itself free to change that definition and I don’t see why people should be asking it to.
>
> Even if it was permitted, would it be wise? The CABforum is not well suited to be determining the existence or names of countries, especially in contentious cases, and there are a lot of contentious cases in this area. An important function of the ISO 3166 Maintenance Agency is to enfold these contentious cases in careful bureaucracy and to come up with a result that, while it might not be agreed to be the correct result, or the desirable result, is at least agreed to be the result.
>
Geoff,
The CA/B Form is involved because I presented an EU legal document that
mandates using "C=EL" and "C=UK" as exceptions to the ISO-3166, in X.509
Certificates. Check my e-mail sent on March 17th. Just to restate the
problem, the current BRs dictate using the two-letter country codes in
ISO-3166-1 for the Subject Information. This creates a conflict if there
is a case where a subject is required to use one of the other country
identifiers, like the referenced 1505/2015 commission implementing
decision.
These two countries have been using these identifiers for years and have
broadly been used in legal documents and official correspondence in the
European Union. As I am sure you are quite aware, you can't get more
bureaucracy than the EU, so for these identifiers to be included in
legal documents, it means that all the proper agencies have approved
this. I presented one of possibly hundreds of documents using these
identifiers but the one I posted is very closely related to X.509
digital certificates.
I agree that ISO-3166-1 is a great place to start but if there are
specific exceptions to it, like the ones specified in the 1505/2015
decision, coming from organizations like the EU, IMHO they should be
respected.
Dimitris.
More information about the Public
mailing list