[cabf_validation] Given Name and Surname

Jeremy Rowley jeremy.rowley at digicert.com
Wed May 25 02:08:25 MST 2016


Over the past year, we’ve discussed the lack of support
for givenName and surname in the BRs a few times.



Here’s a rough ballot proposal to add support:



Insert a new (C) under 7.1.4.2.2, renumbering all subsequent bullets.



c. Certificate Field: subject:givenName (2.5.4.42) and subject:surname
(2.5.4.4)

Optional.

Contents: If present, the subject:givenName field and subject:surname field
MUST contain a natural person Subject’s name as verified under Section
3.2.3.



d. Certificate Field: Number and street: subject:streetAddress (OID:
2.5.4.9)

Optional if the subject:organizationName field or subject:surname field
is present. Prohibited if the subject:organizationName field and
subject:surname field are absent.

Contents: If present, the subject:streetAddress field MUST contain the
Subject’s street address information as verified under Section 3.2.2.1.



e. Certificate Field: subject:localityName (OID: 2.5.4.7)

Required if the subject:organizationName field or subject:surname field
is present and the subject:stateOrProvinceName field is absent. Optional if
the subject:stateOrProvinceName field and either the
subject:organizationName field or subject:surname field are present.
Prohibited if the subject:organizationName field and subject:surname field
are absent.

Contents: If present, the subject:localityName field MUST contain the
Subject’s locality information as verified under Section 3.2.2.1. If the
subject:countryName field specifies the ISO 3166‐1 user‐assigned code of
XX in accordance with Section 7.1.4.2.2(g), the localityName field MAY
contain the Subject’s locality and/or state or province information as
verified under Section 3.2.2.1.



f. Certificate Field: subject:stateOrProvinceName (OID: 2.5.4.8)

Required if the subject:organizationName field or subject:surname
field is present and the subject:localityName field is absent. Optional
if the subject:localityName field and either the subject:organizationName
field or subject:surname field are present. Prohibited if the
subject:organizationName field or subject:surname field is absent.

Contents: If present, the subject:stateOrProvinceName field MUST contain the
Subject’s state or province information as verified under Section 3.2.2.1.
If the subject:countryName field specifies the ISO 3166‐1 user‐assigned
code of XX in accordance with Section 7.1.4.2.2(g), the
subject:stateOrProvinceName field MAY contain the full name of the
Subject’s country information as verified under Section 3.2.2.1.



g. Certificate Field: subject:postalCode (OID: 2.5.4.17)

Optional if the subject:organizationName or subject:surname fields are
present. Prohibited if the subject:organizationName field or subject:surname
field is absent.

Contents: If present, the subject:postalCode field MUST contain the
Subject’s zip or postal information as verified under Section 3.2.2.1.



h. Certificate Field: subject:countryName (OID: 2.5.4.6)

Required if the subject:organizationName field or subject:surname field is
present. Optional if the subject:organizationName field and or
subject:surname field are is absent.

Contents: If the subject:organizationName field is present, the
subject:countryName MUST contain the two‐letter ISO 3166‐1 country code
associated with the location of the Subject verified under Section 3.2.2.1.
If the subject:organizationName and subject:surname fields are absent,
the subject:countryName field MAY contain the two‐letter ISO 3166‐1
country code associated with the Subject as verified in accordance with
Section 3.2.2.3. If a Country is not represented by an official ISO 3166‐1
country code, the CA MAY specify the ISO 3166‐1 user‐assigned code of XX
indicating that an official ISO 3166‐1 alpha‐2 code has not been assigned.



i. Certificate Field: subject:organizationalUnitName

Optional.

Contents: The CA SHALL implement a process that prevents an OU attribute
from including a name, DBA, tradename, trademark, address, location, or
other text that refers to a specific natural person or Legal Entity unless
the CA has verified this information in accordance with Section 3.2 and the
Certificate also contains subject:organizationName, subject:surname,
subject:localityName, and subject:countryName attributes, also verified in
accordance with Section 3.2.2.1.



7.1.6.1

…

If the Certificate asserts the policy identifier of 2.23.140.1.2.1, then it
MUST NOT include organizationName, givenName, surname, streetAddress,
localityName, stateOrProvinceName, or postalCode in the Subject field.

…
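
The field rules proposed above, expressed as a small lint check. This is an added example, not part of the original message or of any CA/Browser Forum tooling; the function name `lint_subject`, the dictionary input format and the sample subjects are assumptions. It also assumes that the "Prohibited if ... absent" clauses in (d) through (g) apply when neither organizationName nor surname is present.

```python
# Added example: lint a subject against the proposed 7.1.4.2.2 / 7.1.6.1 text.
DV_POLICY = "2.23.140.1.2.1"
ADDRESS_FIELDS = ("streetAddress", "localityName", "stateOrProvinceName", "postalCode")
DV_FORBIDDEN = ("organizationName", "givenName", "surname") + ADDRESS_FIELDS


def lint_subject(subject, policy_oids=()):
    """Return a sorted list of findings for a subject given as {attribute: value}.

    Assumption: fields (d)-(g) are treated as prohibited only when neither
    organizationName nor surname is present.
    """
    present = {name for name, value in subject.items() if value}
    identity = bool(present & {"organizationName", "surname"})
    findings = []

    if identity:
        # (e)/(f): at least one of localityName / stateOrProvinceName is required.
        if not present & {"localityName", "stateOrProvinceName"}:
            findings.append("localityName or stateOrProvinceName required")
        # (h): countryName is required once organizationName or surname is present.
        if "countryName" not in present:
            findings.append("countryName required")
    else:
        # (d)-(g): address fields are prohibited without a verified identity field.
        for field in ADDRESS_FIELDS:
            if field in present:
                findings.append(f"{field} prohibited without organizationName or surname")

    # 7.1.6.1: the 2.23.140.1.2.1 policy excludes all identity and address fields.
    if DV_POLICY in policy_oids:
        for field in DV_FORBIDDEN:
            if field in present:
                findings.append(f"{field} not allowed with policy {DV_POLICY}")
    return sorted(findings)


# Constructed sample subjects (not taken from real certificates).
INDIVIDUAL = {"givenName": "Alex", "surname": "Example", "localityName": "Lehi", "countryName": "US"}
NO_COUNTRY = {"givenName": "Alex", "surname": "Example", "stateOrProvinceName": "Utah"}
ADDRESS_ONLY = {"commonName": "example.com", "streetAddress": "1 Constructed Way"}

if __name__ == "__main__":
    for label, subj in (("individual", INDIVIDUAL), ("no country", NO_COUNTRY), ("address only", ADDRESS_ONLY)):
        print(label, lint_subject(subj))
    print("individual + DV policy", lint_subject(INDIVIDUAL, [DV_POLICY]))
```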
