[cabf_validation] Change to EV 9.2.7
陳立群
realsky at cht.com.tw
Thu Mar 2 19:09:05 MST 2017
Dear Mark,
Is D&B records a QGIS or QTIS in EVGL?
There is a QGIS set up by Department of Commerce, Ministry of
Economical Affairs for Companies, Businesses and Factories. There is a QTIS
for Taxpayer (Legal Person) set up by Fiscal Information Agency, Ministry of
Finance in Taiwan.
I agree with you view point that “a place” of business is going to
be much harder for issuers to verify as a business may have many locations
that aren’t necessarily registered with entities.
I suggest to let the vetting team or RA operators (RA counter) keep the
audit trails for verify QGIS or QTIS or rely on a Registration Form or
Change Registration Form.
Because in Government CA, there may be DIT and DN rule that is somewhat
different with commercial CA.
(My presentation file is in
https://cabforum.org/wp-content/uploads/Amendment-of-BR-7.1.4.2.2.pdf
in Redmond F2F meeting. In Oct., 2014 I already discussed the issue in 33
F2F meeting )
Dear Jeremy,
Because I had a cold ,sore throats and bronchial inflammation, the
doctor advised me not to stay up late. I can't join Jan.26 Validation Call
meeting. I had email you.
So I don’t that I have ever post in Validation Working Group that State is
not required in Taiwan. But it seems in your ballot EV 9.2.7, you still let
it be required. Do your discussion on Jan.,26 was that let me divide
amendment of SSL BR 7.1.4.2.2 & EVGL 9.2.5 to other two ballot?
Sincerely Yours,
Li-Chun Chen
Chunghwa Telecom
From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Mark
B. Cooper via Validation
Sent: Friday, March 03, 2017 3:29 AM
To: CA/Browser Forum Validation WG List
Cc: Mark B. Cooper
Subject: [外部郵件] Re: [cabf_validation] Change to EV 9.2.7
I suspect defining the place of business as being the legally registered
location of the business would be a more accurate and descriptive term. This
would be easier to verify in D&B records as well as other sources. “a
place” of business is going to be much harder for issuers to verify as a
business may have many locations that aren’t necessarily registered with
entities.
-Mark
Mark B. Cooper
President & Founder
PKI Solutions Inc.
<http://www.pkisolutions.com> www.pkisolutions.com
Telephone: +1 971 231 5523
From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Rick
Andrews via Validation
Sent: Wednesday, March 1, 2017 3:48 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Cc: Rick Andrews <Rick_Andrews at symantec.com>
Subject: Re: [cabf_validation] Change to EV 9.2.7
Jeremy,
“This field MUST contain the address of the physical location of the
Subject’s Place of Business.” What does “the” mean here? Many businesses
have multiple physical locations. Should it be “a” instead? Should we
clarify that it doesn’t have to be the physical location of the server(s)
hosting the certificate?
-Rick
From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of
Jeremy Rowley via Validation
Sent: Wednesday, February 22, 2017 11:30 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Cc: Jeremy Rowley <jeremy.rowley at digicert.com>
Subject: Re: [cabf_validation] Change to EV 9.2.7
I’ve created this as ballot 191. Do we have a second endorser?
Ballot 191 - Clarify Place of Business Information Field Inclusion
The current EV Guidelines are not clear on what address information is
required in a certificate. This ballot clarifies the requirements.
--Motion Begins--
A. Modify Section 9.2.7 as follows:
'''9.2.7. Subject Physical Address of Place of Business Field'''
Certificate fields:
Number and street: subject:streetAddress (OID: 2.5.4.9)
City or town: subject:localityName (OID: 2.5.4.7)
State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.
4.8)
Country: subject:countryName (OID: 2.5.4.6)
Postal code: subject:postalCode (OID: 2.5.4.17)
Required/Optional: --(City, state, and country – Required; Street and
postal code – Optional)-- __As stated in Section 7.1.4.2.2 d, e, f, g and h
of the Baseline Requirements__
Contents: This field MUST contain the address of the physical location of
the Subject’s Place of Business.
--Motion Ends--
From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of Bruce
Morton via Validation
Sent: Wednesday, January 25, 2017 12:51 PM
To: CA/Browser Forum Validation WG List <validation at cabforum.org>
Cc: Bruce Morton <Bruce.Morton at entrustdatacard.com>
Subject: [cabf_validation] Change to EV 9.2.7
To deal with the Require/Optional requirement or the Place of Business, I
propose a simple change which will make the EV Guidelines consistent with
the Baseline Requirements.
The EV Guidelines currently state:
9.2.7. Subject Physical Address of Place of Business Field
Certificate fields:
Number and street: subject:streetAddress (OID: 2.5.4.9)
City or town: subject:localityName (OID: 2.5.4.7)
State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.
4.8)
Country: subject:countryName (OID: 2.5.4.6)
Postal code: subject:postalCode (OID: 2.5.4.17)
Required/Optional: City, state, and country – Required; Street and postal
code – Optional
Contents: This field MUST contain the address of the physical location of
the Subject’s Place of Business.
To address the Required/Optional issue, I propose the following change.
9.2.7. Subject Physical Address of Place of Business Field
Certificate fields:
Number and street: subject:streetAddress (OID: 2.5.4.9)
City or town: subject:localityName (OID: 2.5.4.7)
State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.
4.8)
Country: subject:countryName (OID: 2.5.4.6)
Postal code: subject:postalCode (OID: 2.5.4.17)
Required/Optional: As stated in Section 7.1.4.2.2 d, e, f, g and h of the
Baseline Requirements
Contents: This field MUST contain the address of the physical location of
the Subject’s Place of Business.
本信件可能包含中華電信股份有限公司機密資訊,非指定之收件者,請勿蒐集、處理或利用本信件內容,並請銷毀此信件. 如為指定收件者,應確實保護郵件中本公司之營業機密及個人資料,不得任意傳佈或揭露,並應自行確認本郵件之附檔與超連結之安全性,以共同善盡資訊安全與個資保護責任.
Please be advised that this email message (including any attachments) contains confidential information and may be legally privileged. If you are not the intended recipient, please destroy this message and all attachments from your system and do not further collect, process, or use them. Chunghwa Telecom and all its subsidiaries and associated companies shall not be liable for the improper or incomplete transmission of the information contained in this email nor for any delay in its receipt or damage to your system. If you are the intended recipient, please protect the confidential and/or personal information contained in this email with due care. Any unauthorized use, disclosure or distribution of this message in whole or in part is strictly prohibited. Also, please self-inspect attachments and hyperlinks contained in this email to ensure the information security and to protect personal information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20170303/40d7b216/attachment-0001.html>
More information about the Validation
mailing list