[cabf_validation] Given Name and Surname v2
Jeremy Rowley
jeremy.rowley at digicert.com
Thu Jun 2 08:32:56 MST 2016
Updated based on discussion:
Over the past year, we’ve discussed a few times about the lack of support
for givenName and surname in the BRs.
Here’s a rough ballot proposal to add support:
Insert a new (C) under 7.1.4.2.2, renumbering all subsequent bullets.
c. Certificate Field: subject:givenName (2.5.4.42) and subject:surname (2.5.
4.4)
Optional.
Contents: If present, the subject:givenName field and subject:surname field
MUST contain an natural person Subject’s name as verified under Section
3.2.3.
d. Certificate Field: Number and street: subject:streetAddress (OID:
2.5.4.9)
Optional if the subject:organizationName field, subject: givenName
field, or subject:surname field are is present. Prohibited if the
subject:organizationName field, subject:givenName, and subject:surname field
are is absent.
Contents: If present, the subject:streetAddress field MUST contain the
Subject’s street address information as verified under Section 3.2.2.1.
e. Certificate Field: subject:localityName (OID: 2.5.4.7)
Required if the subject:organizationName field, subject:givenName field, or
subject:surname field are is present and the subject:stateOrProvinceName
field is absent. Optional if the subject:stateOrProvinceName field and the
subject:organizationName field, subject:givenName field, or subject:surname
field are present. Prohibited if the subject:organizationName field,
subject:givenName, and subject:surname field are is absent.
Contents: If present, the subject:localityName field MUST contain the
Subject’s locality information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1 user‐assigned code of
XX in accordance with Section 7.1.4.2.2(g), the localityName field MAY
contain the Subject’s locality and/or state or province information as
verified under Section 3.2.2.1.
f. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)
Required if the subject:organizationName field field, subject:givenName
field, or subject:surname field are is present and the subject:localityName
field is absent. Optional if the subject:localityName field and the subject:
organizationName field, the subject:givenName field, or subject:surname
field are present. Prohibited if the subject:organizationName field,
subject:givenName field , or subject:surname field are is absent. Contents:
If present, the subject:stateOrProvinceName field MUST contain the Subject’
s state or province information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1 user‐assigned code of
XX in accordance with Section 7.1.4.2.2(g), the subject:stateOrProvinceName
field MAY contain the full name of the Subject’s country information as
verified under Section 3.2.2.1.
g. Certificate Field: subject:postalCode (OID: 2.5.4.17)
Optional if the subject:organizationName, subject:givenName field, or
subject:surname fields are is present. Prohibited if the
subject:organizationName field, subject:givenName field, or subject:surname
field are is absent.
Contents: If present, the subject:postalCode field MUST contain the
Subject’s zip or postal information as verified under Section 3.2.2.1.
h. Certificate Field: subject:countryName (OID: 2.5.4.6)
Required if the subject:organizationName field, subject:givenName , or
subject:surname field is present. Optional if the subject:organizationName
field, subject:givenName field, and subject:surname field are is absent.
Contents: If the subject:organizationName field is present, the
subject:countryName MUST contain the two‐letter ISO 3166‐1 country code
associated with the location of the Subject verified under Section 3.2.2.1.
If the subject:organizationName, subject:givenName field, and
subject:surname field are is absent, the subject:countryName field MAY
contain the two‐letter ISO 3166‐1 country code associated with the Subject
as verified in accordance with Section 3.2.2.3. If a Country is not
represented by an official ISO 3166‐1 country code, the CA MAY specify the
ISO 3166‐1 user‐assigned code of XX indicating that an official ISO 3166‐
1 alpha‐2 code has not been assigned.
i. Certificate Field: subject:organizationalUnitName
Optional.
Contents: The CA SHALL implement a process that prevents an OU attribute
from including a name, DBA, tradename, trademark, address, location, or
other text that refers to a specific natural person or Legal Entity unless
the CA has verified this information in accordance with Section 3.2 and the
Certificate also contains subject:organizationName, subject:givenName,
subject:surname, subject:localityName, and subject:countryName attributes,
also verified in accordance with Section 3.2.2.1.
7.1.6.1
…
If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it
MUST NOT include organizationName, givenName, surname, streetAddress,
localityName, stateOrProvinceName, or postalCode in the Subject field.
…
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/validation/attachments/20160602/8e8e58d7/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
Url : https://cabforum.org/pipermail/validation/attachments/20160602/8e8e58d7/attachment.bin
More information about the Validation
mailing list