[cabfpub] Naming rules

Rich Smith richard.smith at comodo.com
Tue Mar 28 13:50:24 UTC 2017


Ryan, Ben’s wording states that the registry is at the national level, so rather than talking about Jurisdiction A and B, the labels are correctly Country A and Country B, therefore even if every other field in the registries were the same the C field will always be unique to the particular registry, therefore the particular entries between the registries would be unique.  Am I missing something?

 

From: Public [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi via Public
Sent: Friday, March 24, 2017 7:39 PM
To: Moudrick M. Dadashov <md at ssc.lt>
Cc: Ryan Sleevi <sleevi at google.com>; CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: Re: [cabfpub] Naming rules

 

Jurisdiction A defines an independent directory tree (D1).

Jurisdiction B defines an independent directory tree (D2).

 

D1 uses the naming scheme defined by Jurisdiction A

D2 uses the naming scheme defined by Jurisdiction B.

 

Unless you know all of the laws regarding Jurisdiction A, B, C, ... Z, and can make an effective declaration that no jurisdiction exists that defines a directory tree (D0) that conflicts with either D1 or D2, then you cannot assert that D1 or D2 are unique.

 

On Fri, Mar 24, 2017 at 8:31 PM, Moudrick M. Dadashov <md at ssc.lt <mailto:md at ssc.lt> > wrote:

Hi Ryan, can you give an example of 'cross-jurisdictional directory trees'?

 

Thanks,

M.D.

 

 

 

Sent from Samsung tablet.

 

-------- Original message --------

From: Ryan Sleevi <sleevi at google.com <mailto:sleevi at google.com> > 

Date: 3/25/17 01:15 (GMT+01:00) 

To: "Moudrick M. Dadashov" <md at ssc.lt <mailto:md at ssc.lt> > 

Cc: CA/Browser Forum Public Discussion List <public at cabforum.org <mailto:public at cabforum.org> >, Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> > 

Subject: Re: [cabfpub] Naming rules 

 

 

 

On Fri, Mar 24, 2017 at 8:07 PM, Moudrick M. Dadashov <md at ssc.lt <mailto:md at ssc.lt> > wrote:

Auditor examine it through the same government adopted registry.

 

In fact if government has a centralised register, there is a very little chance that the same data  catogories will be maintained in two different resources - duplication of responsibilitiies is prohibited by law.

 

Thanks,

M.D.

 

 

Hi Moudrick,

 

I'm sorry, but it may not have been clear, I was talking about cross-jurisdictional directory trees. There's nothing that would ensure their unambiguous uniqueness here, and as proposed, two entities could have X.500 DITs that reflected both _their_ jurisdiction and, more importantly, how _their_ jurisdiction views other jurisdictions.

 

I believe you've misunderstood this to be about a single jurisdiction, but I was not talking about that. Auditors would have to be aware of all jurisdictions - and more importantly, all jurisdictional laws that apply or are relevant for CAs. This is much like the can of worms related to 9.16.3 in which some laws or registries only apply to specific participants.

 

So while your responses would be correct for a single jurisdiction, that's not the issue :)

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170328/f3e610ea/attachment-0003.html>


More information about the Public mailing list