[cabf_validation] givenName and surname

Jeremy Rowley jeremy.rowley at digicert.com
Fri Jun 10 13:17:35 MST 2016


Yes - should be a "MUST". In the "are is" each of the "is" have a
strikethrough since that's existing language.

-----Original Message-----
From: Kurt Roeckx [mailto:kurt at roeckx.be] 
Sent: Friday, June 10, 2016 1:25 PM
To: Jeremy Rowley <jeremy.rowley at digicert.com>
Cc: validation (validation at cabforum.org) <validation at cabforum.org>
Subject: Re: [cabf_validation] givenName and surname

On Fri, Jun 10, 2016 at 05:36:40PM +0000, Jeremy Rowley wrote:
> Final updates based on discussion. Any other comments before we send 
> this to the main list for a vote?
> 
> 
> 
> Insert a new (C) under 7.1.4.2.2, renumbering all subsequent bullets.
> 
> 
> 
> c. Certificate Field: subject:givenName (2.5.4.42) and subject:surname
(2.5.
> 4.4)
> 
> Optional.
> 
> Contents:  If present, the subject:givenName field and subject:surname 
> field MUST contain an natural person Subject's name as verified under 
> Section 3.2.3. A Certificate containing a subject:givenName field or 
> subject:surname field must contain the (2.23.140.1.2.3) Certificate Policy
OID.


Should that be a "MUST" instead of "must"?


> d. Certificate Field: Number and street: subject:streetAddress (OID:
> 2.5.4.9)
> 
>     Optional if the subject:organizationName field, subject: givenName 
> field, or subject:surname field are is present. Prohibited if the 
> subject:organizationName field, subject:givenName, and subject:surname 
> field are is absent.

My "are is present" and "are is absent" comment still applies.


> 7.1.6.1
>
> ...
>
> If the Certificate asserts the policy identifier of 2.23.140.1.2.1, 
> then it MUST NOT include organizationName, givenName, surname, 
> streetAddress, localityName, stateOrProvinceName, or postalCode in the 
> Subject field.

(2.23.140.1.2.1 being Domain Validated)

Add countryName?  organizationalUnitName?  serialNumber?
businessCategory?

Maybe it should instead list the allowed fields, which I think is just
commonName?


Kurt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4964 bytes
Desc: not available
Url : https://cabforum.org/pipermail/validation/attachments/20160610/52eb6256/attachment.bin 


More information about the Validation mailing list