[cabf_validation] Given Name and Surname v2

Jeremy Rowley jeremy.rowley at digicert.com
Thu Jun 2 08:32:56 MST 2016


Updated based on discussion:



Over the past year, we’ve discussed a few times the lack of support
for givenName and surname in the BRs.



Here’s a rough ballot proposal to add support:



Insert a new (C) under 7.1.4.2.2, renumbering all subsequent bullets.



c. Certificate Field: subject:givenName (2.5.4.42) and subject:surname
(2.5.4.4)

Optional.

Contents: If present, the subject:givenName field and subject:surname field
MUST contain a natural person Subject’s name as verified under Section
3.2.3.



d. Certificate Field: Number and street: subject:streetAddress (OID:
2.5.4.9)

Optional if the subject:organizationName field, subject:givenName
field, or subject:surname field are present. Prohibited if the
subject:organizationName field, subject:givenName, and subject:surname field
are absent.

Contents: If present, the subject:streetAddress field MUST contain the
Subject’s street address information as verified under Section 3.2.2.1.



e. Certificate Field: subject:localityName (OID: 2.5.4.7)

Required if the subject:organizationName field, subject:givenName field, or
subject:surname field are present and the subject:stateOrProvinceName
field is absent. Optional if the subject:stateOrProvinceName field and the
subject:organizationName field, subject:givenName field, or subject:surname
field are present. Prohibited if the subject:organizationName field,
subject:givenName, and subject:surname field are absent.

Contents: If present, the subject:localityName field MUST contain the
Subject’s locality information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1 user‐assigned code of
XX in accordance with Section 7.1.4.2.2(g), the localityName field MAY
contain the Subject’s locality and/or state or province information as
verified under Section 3.2.2.1.



f. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)

Required if the subject:organizationName field, subject:givenName
field, or subject:surname field are present and the subject:localityName
field is absent. Optional if the subject:localityName field and the
subject:organizationName field, the subject:givenName field, or subject:surname
field are present. Prohibited if the subject:organizationName field,
subject:givenName field, or subject:surname field are absent.

Contents: If present, the subject:stateOrProvinceName field MUST contain the
Subject’s state or province information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1 user‐assigned code of
XX in accordance with Section 7.1.4.2.2(g), the subject:stateOrProvinceName
field MAY contain the full name of the Subject’s country information as
verified under Section 3.2.2.1.



g. Certificate Field: subject:postalCode (OID: 2.5.4.17)

Optional if the subject:organizationName, subject:givenName field, or
subject:surname fields are present. Prohibited if the
subject:organizationName field, subject:givenName field, or subject:surname
field are absent.

Contents: If present, the subject:postalCode field MUST contain the
Subject’s zip or postal information as verified under Section 3.2.2.1.



h. Certificate Field: subject:countryName (OID: 2.5.4.6)

Required if the subject:organizationName field, subject:givenName, or
subject:surname field is present. Optional if the subject:organizationName
field, subject:givenName field, and subject:surname field are absent.

Contents: If the subject:organizationName field is present, the
subject:countryName MUST contain the two‐letter ISO 3166‐1 country code
associated with the location of the Subject verified under Section 3.2.2.1.
If the subject:organizationName, subject:givenName field, and
subject:surname field are absent, the subject:countryName field MAY
contain the two‐letter ISO 3166‐1 country code associated with the Subject
as verified in accordance with Section 3.2.2.3. If a Country is not
represented by an official ISO 3166‐1 country code, the CA MAY specify the
ISO 3166‐1 user‐assigned code of XX indicating that an official
ISO 3166‐1 alpha‐2 code has not been assigned.



i. Certificate Field: subject:organizationalUnitName

Optional.

Contents: The CA SHALL implement a process that prevents an OU attribute
from including a name, DBA, tradename, trademark, address, location, or
other text that refers to a specific natural person or Legal Entity unless
the CA has verified this information in accordance with Section 3.2 and the
Certificate also contains subject:organizationName, subject:givenName,
subject:surname, subject:localityName, and subject:countryName attributes,
also verified in accordance with Section 3.2.2.1.



7.1.6.1

…

If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it
MUST NOT include organizationName, givenName, surname, streetAddress,
localityName, stateOrProvinceName, or postalCode in the Subject field.

…
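
The presence rules in the draft above, as an added example (not part of the original message and not CA/B Forum tooling): a Python check over the set of subject attribute names and the policy OIDs a certificate asserts. The function name, the constructed sample subjects, and the reading of "Prohibited" in (f) and (g) as "all three identity fields absent" are assumptions.

```python
# Added example: presence rules from the draft ballot text, not CA/B Forum code.
DV_POLICY = "2.23.140.1.2.1"  # policy OID named in the 7.1.6.1 text
IDENTITY = {"organizationName", "givenName", "surname"}
ADDRESS = {"streetAddress", "localityName", "stateOrProvinceName", "postalCode"}


def check_subject(attrs, policies=()):
    """Return sorted findings for a set of subject attribute names (hypothetical helper)."""
    attrs = set(attrs)
    findings = []
    has_identity = bool(attrs & IDENTITY)

    # 7.1.6.1: identity and address fields MUST NOT appear under this policy OID.
    if DV_POLICY in policies:
        for name in attrs & (IDENTITY | ADDRESS):
            findings.append(f"7.1.6.1: {name} not allowed with {DV_POLICY}")

    if has_identity:
        # (e)/(f): each is required when the other is absent, so at least one is needed.
        if not attrs & {"localityName", "stateOrProvinceName"}:
            findings.append("localityName or stateOrProvinceName required")
        # (h): countryName is required once any identity field is present.
        if "countryName" not in attrs:
            findings.append("countryName required")
    else:
        # (d)-(g): address fields are prohibited with no identity field.
        # Assumption: (f) and (g) say "or ... absent"; read here as all three absent.
        for name in attrs & ADDRESS:
            findings.append(f"{name} prohibited without organizationName, givenName or surname")
    return sorted(findings)


# Constructed sample subjects (attribute names only, not real certificates).
INDIVIDUAL_OK = {"givenName", "surname", "localityName", "countryName"}
INDIVIDUAL_BARE = {"givenName", "surname"}
ADDRESS_ONLY = {"commonName", "postalCode"}
DV_WITH_NAME = {"surname", "stateOrProvinceName", "countryName"}

if __name__ == "__main__":
    for subject, pols in [(INDIVIDUAL_OK, ()), (INDIVIDUAL_BARE, ()),
                          (ADDRESS_ONLY, ()), (DV_WITH_NAME, (DV_POLICY,))]:
        print(sorted(subject), list(pols), "->", check_subject(subject, pols))
```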
