[cabfpub] Naming rules

Rich Smith richard.smith at comodo.com
Tue Mar 28 16:25:51 UTC 2017


Would modifying Ben’s proposed wording to this resolve the issue?

 

This field is also optional if the organization is uniquely identifiable by registration in a X.500 directory which has been adopted by the national government in the same jurisdiction as the organization, and which does not contain the [localityName/stateOrProvinceName] attribute.  This exception MUST NOT be applied in cases where user defined country code XX is being used as per [insert section containing C=XX conditions]

 

Admittedly I am not an expert in X.500 directories/structures/requirements, but it seems that this would resolve the problem of uniqueness.  For the Taiwan case, you could use the Taiwan directory for an organization IN Taiwan, but even if Taiwan maintains entries for organizations outside Taiwan, those would fall outside the exception, as would an entry for an organization in Taiwan maintained in some other directory in some other country.  Country code XX specifically banned from using this exception for obvious reasons.

 

From: Ryan Sleevi [mailto:sleevi at google.com] 
Sent: Tuesday, March 28, 2017 9:17 AM
To: Rich Smith <richard.smith at comodo.com>
Cc: CA/Browser Forum Public Discussion List <public at cabforum.org>; Moudrick M. Dadashov <md at ssc.lt>
Subject: Re: [cabfpub] Naming rules

 

 

 

On Tue, Mar 28, 2017 at 9:50 AM, Rich Smith <richard.smith at comodo.com <mailto:richard.smith at comodo.com> > wrote:

Ryan, Ben’s wording states that the registry is at the national level, so rather than talking about Jurisdiction A and B, the labels are correctly Country A and Country B, therefore even if every other field in the registries were the same the C field will always be unique to the particular registry, therefore the particular entries between the registries would be unique.  Am I missing something?

 

Yes, there's no guarantee the C field is unique for the registry.

 

As a thought experiment, consider a country that participates in multiple international treaties that allow for X.500 registries.

As a thought experiment, consider a country that provides a naming ontology for its international partners.

As a thought experiment, consider multiple national government organizations adopting their own X.500 DIT.

 

The assumption here, which is incorrect in the lens of history, is that the X.500 DIT exists and disambiguates these countries.

 

I am in resounding agreement with Peter - either we should put forward a ballot or we should stop discussing this further.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170328/d4a358bc/attachment-0003.html>


More information about the Public mailing list