<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Ballot SC17: Alternative registration numbers for EU certificates<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Purpose of Ballot: Allow for the inclusion of additional information in <o:p></o:p></p><p class=MsoNormal>certificates in order to comply with relevant EU regulations.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The following motion has been proposed by Tim Hollebeek of DigiCert and endorsed <o:p></o:p></p><p class=MsoNormal>by Dimitris Zacharopoulos of Harica and Enrico Entshew of D-Trust.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Motivation:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Update to CAB Forum EV Guidelines to cater for alternative registration numbers <o:p></o:p></p><p class=MsoNormal>caused by EU Legal Requirements:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>i. The EU Regulation No 910/2014 (eIDAS [https://eur-lex.europa.eu/eli/reg/2014/910/oj]) <o:p></o:p></p><p class=MsoNormal> defines regulatory requirements for certificates with an agreed quality level <o:p></o:p></p><p class=MsoNormal> called Qualified. This regulation specifies in Annex IV specific requirements <o:p></o:p></p><p class=MsoNormal> for “Qualified certificates for website authentication” including the <o:p></o:p></p><p class=MsoNormal> statement that the certificate shall contain: “for a legal person: the name <o:p></o:p></p><p class=MsoNormal> and, where applicable, registration number as stated in the official records,”<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>ii. It is understood that this requirement relates to validated attributes for <o:p></o:p></p><p class=MsoNormal> the identification of the certificate subject and hence is best fitted in the <o:p></o:p></p><p class=MsoNormal> subject’s distinguished name. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>iii. In line with the regulatory framework ETSI has defined a general structure <o:p></o:p></p><p class=MsoNormal> for carrying “registration numbers” in TS 119 412-1 <o:p></o:p></p><p class=MsoNormal> [https://www.etsi.org/standards-search#page=1&search=TS119412-1] clause 5.1.4. <o:p></o:p></p><p class=MsoNormal> This uses the X.520 [https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.520-201210-S!!PDF-E&type=items] <o:p></o:p></p><p class=MsoNormal> organizationIdentifier within the subject’s distinguished name in line with its <o:p></o:p></p><p class=MsoNormal> stated purpose being “holds an identification of an organization different <o:p></o:p></p><p class=MsoNormal> from the organization name”. This is used for ETSI requirements to carry <o:p></o:p></p><p class=MsoNormal> registration numbers for certificates, Qualified or otherwise.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>iv. It is considered that this use of organizationIdentifier supports the primary <o:p></o:p></p><p class=MsoNormal> purpose of EV certificates as stated in section 2.1.1 of the EV Guidelines as <o:p></o:p></p><p class=MsoNormal> “other disambiguating information”.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>v. A recent EU delegated Regulation 2018/389 on secure communications for payment <o:p></o:p></p><p class=MsoNormal> services (RTS [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018R0389]) <o:p></o:p></p><p class=MsoNormal> states in Article 34.2 that for Qualified Website certificates (QWACs) the <o:p></o:p></p><p class=MsoNormal> registration number required in eIDAS “shall be the authorisation number of the <o:p></o:p></p><p class=MsoNormal> payment service provider … or equivalent [reference made to earlier regulations <o:p></o:p></p><p class=MsoNormal> relating to banks]”.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>vi. ETSI has specified TS 119 495 <o:p></o:p></p><p class=MsoNormal> [https://www.etsi.org/standards-search#page=1&search=TS119495] requirements for <o:p></o:p></p><p class=MsoNormal> carrying PSD2 related registration numbers in the general structure for <o:p></o:p></p><p class=MsoNormal> registration numbers defined in TS 119 412-1 clause 5.1.4 as mentioned in <o:p></o:p></p><p class=MsoNormal> iii. above.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>vii. ETSI has endeavoured to ensure and always intended that requirements relating <o:p></o:p></p><p class=MsoNormal> to web site certificates at the Qualified level are in line with the CA/B Forum <o:p></o:p></p><p class=MsoNormal> EV Guidelines.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>viii. This proposal only includes some of the Registration Schemes as used in <o:p></o:p></p><p class=MsoNormal> ETSI TS 119 412-1, which have clear validation rules (NTR, VAT, PSD) that provide <o:p></o:p></p><p class=MsoNormal> reasonable assurance in line with the EV Guidelines. The IPR for the semantics <o:p></o:p></p><p class=MsoNormal> of this scheme is proposed to be released to the CA/B Forum allowing it to <o:p></o:p></p><p class=MsoNormal> further extend the use of organizationIdentifier to include other Registration <o:p></o:p></p><p class=MsoNormal> Schemes (e.g. LEI) and corresponding validation rules, at the CA/B Forum’s <o:p></o:p></p><p class=MsoNormal> discretion. Also, any further changes by ETSI to ETSI TS 119 412-1 will not <o:p></o:p></p><p class=MsoNormal> impact the CA/B Forum.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>ix. Having found out that CA/B Forum’s interpretation of EV Requirements in section <o:p></o:p></p><p class=MsoNormal> 9.2.8 “Other Attributes” was not in line with those understood by ETSI experts, <o:p></o:p></p><p class=MsoNormal> ETSI would like to harmonise with CA/B Forum approach to carrying alternative <o:p></o:p></p><p class=MsoNormal> forms of registration number for PSD2 and other registration schemes.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>b) CA/B Forum specific concerns are:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>i. Requirements regarding Attributes to be included in the Subject DN need to be <o:p></o:p></p><p class=MsoNormal> explicitly covered in 9.2.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>ii. Organisations may wish to identify OrganisationalUnits within their organisation. <o:p></o:p></p><p class=MsoNormal> It is unclear if this is currently allowed in the EV Guidelines (similar <o:p></o:p></p><p class=MsoNormal> ambiguity in section 9.2.8).<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>iii. There are objections to ETSI specific usage of the orgID field (no squatting).<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>iv. The procedures for validation of the attribute need to be clearly stated.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>v. There may be other uses of the organizationIdentifier field in various PKIs, <o:p></o:p></p><p class=MsoNormal> however it is not considered to be a problem. Because of the unique semantics we <o:p></o:p></p><p class=MsoNormal> are specifying for each identifier, applications should be able to understand <o:p></o:p></p><p class=MsoNormal> different uses of the OrgID field by different issuers and users. There are many <o:p></o:p></p><p class=MsoNormal> different "PKIs" out there that can use all X.500 attributes differently and with <o:p></o:p></p><p class=MsoNormal> different validation or no validation at all. To the best of our knowledge, the <o:p></o:p></p><p class=MsoNormal> WebPKI has never used this subjectDN attribute before for Publicly-Trusted <o:p></o:p></p><p class=MsoNormal> Certificates. Thus there is no "conflict" by using this attribute in the EV <o:p></o:p></p><p class=MsoNormal> Guidelines for SSL/TLS Certificates, and perhaps later for EV Code Signing <o:p></o:p></p><p class=MsoNormal> Certificates.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>vi. This use of organisationIdentifier must be extendable to allow for use by other <o:p></o:p></p><p class=MsoNormal> registration numbers allocated by different registration schemes. Some CAB Forum<o:p></o:p></p><p class=MsoNormal> members have indicated interest in carrying registration numbers other than for <o:p></o:p></p><p class=MsoNormal> Incorporation within EV Certificates. This is catered for in the current proposal.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>vii. There is interest by some CA/B Forum members in carrying LEIs within CA/B Forum <o:p></o:p></p><p class=MsoNormal> certificates but as yet the LEI registration scheme is not currently considered <o:p></o:p></p><p class=MsoNormal> sufficiently robust to be recognised as an registration numbering scheme to be <o:p></o:p></p><p class=MsoNormal> accepted by CA/B Forum. Therefore this proposal only introduces a limited set of <o:p></o:p></p><p class=MsoNormal> Registration Schemes (namely NTR, VAT, PSD) which have reasonably robust <o:p></o:p></p><p class=MsoNormal> validation rules.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>viii. Some CA/B Forum members have indicated the possible need for multiple <o:p></o:p></p><p class=MsoNormal> identifiers in the subject name. This, however, cannot be achieved using X.520 <o:p></o:p></p><p class=MsoNormal> organizationIdentifier which defined this attribute as being “SINGLE VALUE”. The <o:p></o:p></p><p class=MsoNormal> use of a single value has the advantage is it is clear what is the registration, <o:p></o:p></p><p class=MsoNormal> in addition to the company registration, which identifies the subject. <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>---MOTION BEGINS---<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Purpose of Ballot: Update to CAB Forum EV Guidelines to allow alternative <o:p></o:p></p><p class=MsoNormal> registration numbers <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Proposed Ballot for Changes to EVG 1.6.9<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Add to section 4 definitions: <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>"Legal Entity: A Private Organization, Government Entity, Business Entity, or <o:p></o:p></p><p class=MsoNormal> Non-Commercial Entity.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Registration Reference: A unique identifier assigned to a Legal Entity.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Registration Scheme: A scheme for assigning a Registration Reference meeting the <o:p></o:p></p><p class=MsoNormal> requirements identified in Appendix H."<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Retitle Section 9.2 as "Subject Distinguished Name Fields".<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Remove Section 9.2.2 and renumber sections 9.2.3 through 9.2.8 to 9.2.2 through 9.2.7.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Insert new section 9.2.8:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>"9.2.8. Subject Organization Identifier Field<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Certificate field**: organizationIdentifier (OID: 2.5.4.97)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Required/Optional**: Optional<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Contents**: If present, this field MUST contain a Registration Reference for a <o:p></o:p></p><p class=MsoNormal> Legal Entity assigned in accordance to the identified Registration Scheme.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The organizationIdentifier MUST be encoded as a PrintableString or UTF8String<o:p></o:p></p><p class=MsoNormal>(see RFC 5280).<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>The Registration Scheme MUST be identified using the following structure <o:p></o:p></p><p class=MsoNormal>in the presented order:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>* 3 character Registration Scheme identifier;<o:p></o:p></p><p class=MsoNormal>* 2 character ISO 3166 country code for the nation in which the Registration Scheme <o:p></o:p></p><p class=MsoNormal> is operated, or if the scheme is operated globally ISO 3166 code "XG" shall be used;<o:p></o:p></p><p class=MsoNormal>* For the NTR Registration Scheme identifier, if required under Section 9.2.4, a two <o:p></o:p></p><p class=MsoNormal> character ISO 3166-2 identifier for the subdivision (state or province) of the nation <o:p></o:p></p><p class=MsoNormal> in which the Registration Scheme is operated, preceded by plus "+" (0x2B (ASCII), U+002B (UTF-8));<o:p></o:p></p><p class=MsoNormal>* a hyphen-minus "-" (0x2D (ASCII), U+002D (UTF-8));<o:p></o:p></p><p class=MsoNormal>* Registration Reference allocated in accordance with the identified Registration Scheme<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Note: Registration References MAY contain hyphens, but Registration Schemes, ISO 3166 <o:p></o:p></p><p class=MsoNormal> country codes, and ISO 3166-2 identifiers do not. Therefore if more than one hyphen <o:p></o:p></p><p class=MsoNormal> appears in the structure, the leftmost hyphen is a separator, and the remaining hyphens <o:p></o:p></p><p class=MsoNormal> are part of the Registration Reference.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>As in section 9.2.4, the specified location information MUST match the scope of the<o:p></o:p></p><p class=MsoNormal>registration being referenced.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Examples:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>* NTRGB-12345678 (NTR scheme, Great Britain, Unique Identifier at Country level is 12345678)<o:p></o:p></p><p class=MsoNormal>* NTRUS+CA-12345678 (NTR Scheme, United States - California, Unique identifier at State level is 12345678)<o:p></o:p></p><p class=MsoNormal>* VATDE-123456789 (VAT Scheme, Germany, Unique Identifier at Country Level is 12345678)<o:p></o:p></p><p class=MsoNormal>* PSDBE-NBB-1234.567.890 (PSD Scheme, Belgium, NCA's identifier is NBB, Subject Unique Identifier assigned by the NCA is 1234.567.890)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Registration Schemes listed in Appendix H are currently recognized as valid under <o:p></o:p></p><p class=MsoNormal>these guidelines.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The CA SHALL:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>1. confirm that the organization represented by the Registration Reference is the <o:p></o:p></p><p class=MsoNormal> same as the organization named in the organizationName field as specified in <o:p></o:p></p><p class=MsoNormal> Section 9.2.1 within the context of the subject’s jurisdiction as specified in <o:p></o:p></p><p class=MsoNormal> Section 9.2.4;<o:p></o:p></p><p class=MsoNormal>2. further verify the Registration Reference matches other information verified <o:p></o:p></p><p class=MsoNormal> in accordance with section 11; <o:p></o:p></p><p class=MsoNormal>3. take appropriate measures to disambiguate between different organizations as <o:p></o:p></p><p class=MsoNormal> described in Appendix H for each Registration Scheme;<o:p></o:p></p><p class=MsoNormal>4. Apply the validation rules relevant to the Registration Scheme as specified <o:p></o:p></p><p class=MsoNormal> in Appendix H."<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Insert new section 9.8 (renumbering following sections as necessary):<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>"9.8. Certificate Extensions<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The extensions listed in the Section 9.8 are recommended for maximum interoperability <o:p></o:p></p><p class=MsoNormal>between certificates and browsers / applications, but are not mandatory on the CAs <o:p></o:p></p><p class=MsoNormal>except where indicated as “Required”. CAs may use other extensions that are not <o:p></o:p></p><p class=MsoNormal>listed in this Section 9.8, but are encouraged to add them to this section by ballot <o:p></o:p></p><p class=MsoNormal>from time to time to help increase extension standardization across the industry. <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If a CA includes an extension in a certificate that has a Certificate field which is <o:p></o:p></p><p class=MsoNormal>named in this Section 9.8, the CA must follow the format specified in that subjection. <o:p></o:p></p><p class=MsoNormal>However, no extension or extension format shall be mandatory on a CA unless <o:p></o:p></p><p class=MsoNormal>specifically stated as “Required” in the subsection that describes the extension.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>9.8.1. Subject Alternative Name Extension<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Certificate field:** _subjectAltName:dNSName_<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Required/Optional:** Required<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Contents:** This extension MUST contain one or more host Domain Name(s) owned or controlled <o:p></o:p></p><p class=MsoNormal>by the Subject and to be associated with the Subject's server. Such server MAY be owned and <o:p></o:p></p><p class=MsoNormal>operated by the Subject or another entity (e.g., a hosting service). Wildcard certificates <o:p></o:p></p><p class=MsoNormal>are not allowed for EV Certificates.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>9.8.2. CA/Browser Forum Organization Identifier Field<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Extension Name**: _cabfOrganizationIdentifier_ (OID: 2.23.140.3.1)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Verbose OID**: {joint-iso-itu-t(2) international-organizations(23) ca-browser-forum(140) <o:p></o:p></p><p class=MsoNormal> certificate-extensions(3) cabf-organization-identifier(1) }<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Required/Optional**: Optional (but see below)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**Contents**: If the subject:organizationIdentifier is present, this field SHOULD be present. <o:p></o:p></p><p class=MsoNormal>Effective January 31, 2020, if the subject:organizationIdentifier field is present, <o:p></o:p></p><p class=MsoNormal>this field MUST be present.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If present, this field MUST contain a Registration Reference for a <o:p></o:p></p><p class=MsoNormal>Legal Entity assigned in accordance to the identified Registration Scheme.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The Registration Scheme MUST be encoded as described by the following ASN.1 grammar:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> id-CABFOrganizationIdentifier OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) international-organizations(23) ca-browser-forum(140) certificate-extensions(3) cabf-organization-identifier(1) }<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> ext-CABFOrganizationIdentifier EXTENSION ::= { SYNTAX CABFOrganizationIdentifier IDENTIFIED BY id-CABFOrganizationIdentifier }<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> CABFOrganizationIdentifier ::= SEQUENCE {<o:p></o:p></p><p class=MsoNormal> registrationSchemeIdentifier PrintableString (SIZE(3)),<o:p></o:p></p><p class=MsoNormal> registrationCountry PrintableString (SIZE(2)),<o:p></o:p></p><p class=MsoNormal> registrationStateOrProvince [0] IMPLICIT PrintableString OPTIONAL (SIZE(0..128)),<o:p></o:p></p><p class=MsoNormal> registrationReference UTF8String<o:p></o:p></p><p class=MsoNormal> }<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>where the subfields and have the same meanings and restrictions described in Section 9.2.8.<o:p></o:p></p><p class=MsoNormal>The CA SHALL validate the contents using the requirements in Section 9.2.8."<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Add new Appendix H - Registration Schemes<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>"The following Registration Schemes are currently recognised as valid under these <o:p></o:p></p><p class=MsoNormal>guidelines:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>**NTR**: The information carried in this field shall be the same as held in Subject <o:p></o:p></p><p class=MsoNormal> Registration Number Field as specified in 9.2.5 and the country code used in <o:p></o:p></p><p class=MsoNormal> the Registration Scheme identifier shall match that of the subject’s jurisdiction <o:p></o:p></p><p class=MsoNormal> as specified in Section 9.2.4.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> Where the Subject Jurisdiction of Incorporation or Registration Field in 9.2.4 <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> includes more than the country code, the additional locality information shall<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> be included as specified in sections 9.2.8 and/or 9.8.1.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>**VAT**: Reference allocated by the national tax authorities to a Legal Entity. This <o:p></o:p></p><p class=MsoNormal> information shall be validated using information provided by the national tax <o:p></o:p></p><p class=MsoNormal> authority against the organisation as identified by the Subject Organization <o:p></o:p></p><p class=MsoNormal> Name Field (see 9.2.1) and Subject Registration Number Field (see 9.2.5) within <o:p></o:p></p><p class=MsoNormal> the context of the subject’s jurisdiction as specified in Section 9.2.4.<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>**PSD**: Authorization number as specified in ETSI TS 119 495 clause 4.4 allocated to a <o:p></o:p></p><p class=MsoNormal> payment service provider and containing the information as specified in <o:p></o:p></p><p class=MsoNormal> ETSI TS 119 495 clause 5.2.1. This information SHALL be obtained directly from the <o:p></o:p></p><p class=MsoNormal> national competent authority register for payment services or from an information <o:p></o:p></p><p class=MsoNormal> source approved by a government agency, regulatory body, or legislation for this <o:p></o:p></p><p class=MsoNormal> purpose. This information SHALL be validated by being matched directly or indirectly <o:p></o:p></p><p class=MsoNormal> (for example, by matching a globally unique registration number) against the <o:p></o:p></p><p class=MsoNormal> organisation as identified by the Subject Organization Name Field (see 9.2.1) and <o:p></o:p></p><p class=MsoNormal> Subject Registration Number Field (see 9.2.5) within the context of the subject’s <o:p></o:p></p><p class=MsoNormal> jurisdiction as specified in Section 9.2.4. The stated address of the organisation <o:p></o:p></p><p class=MsoNormal> combined with the organization name SHALL NOT be the only information used to <o:p></o:p></p><p class=MsoNormal> disambiguate the organisation."<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>---MOTION ENDS---<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>*** WARNING ***: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION <o:p></o:p></p><p class=MsoNormal>OF THE CHANGES (CABF Bylaws, Section 2.4(a)):<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>A comparison of the changes can be found at: <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>https://github.com/cabforum/documents/compare/Ballot-SC17---Alternative-registration-numbers-for-EV-certificates?diff=unified&expand=1<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Changes since version 6:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>1. Fix typos in introductory text.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>A comparison of the changes since version 6:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>[no changes to ballot text]<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The procedure for approval of this ballot is as follows:<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Discussion (7+ days)<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Start Time: May 6, 2019 4:00pm Eastern<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>End Time: Not before May 13, 2019 4:00pm Eastern<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Vote for approval (7 days)<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Start Time: TBD<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>End Time: TBD<o:p></o:p></p></div></body></html>