[cabf_validation] Change to EV 9.2.7

Steve Medin Steve_Medin at symantec.com
Fri Mar 3 07:25:49 MST 2017


Sole props don't need to register in the UK unless they want a trade name and often don't need to register in the US.

Legal and registered place constraints on certificate consumers. Anti-trust tangent omitted. It also creates validation hurdles when companies move and there are no public records yet. We recently had a global brand move across the Hudson and the effort to get address proof was extensive.

If an address is found in an RDS, QGIS, or QIIS, then it is a significant enough address that the applicant transacts with it. This allows a relying party to understand which ABC Company is referenced by a particular certificate.

I suggest we not limit address to government sources.

> -----Original Message-----
> From: Validation [mailto:validation-bounces at cabforum.org] On Behalf Of
> Adriano Santoni via Validation
> Sent: Friday, March 03, 2017 2:44 AM
> To: validation at cabforum.org
> Cc: Adriano Santoni <adriano.santoni at staff.aruba.it>
> Subject: Re: [cabf_validation] Change to EV 9.2.7
> 
> +1
> 
> 
> 
> Il 02/03/2017 20:28, Mark B. Cooper via Validation ha scritto:
> >
> > I suspect defining the place of business as being the legally
> > registered location of the business would be a more accurate and
> > descriptive term. This would be easier to verify in D&B records as
> > well as other sources. "a place" of business is going to be much
> > harder for issuers to verify as a business may have many locations
> > that aren't necessarily registered with entities.
> >
> > -Mark
> >
> > *Mark B. Cooper*
> >
> > President & Founder
> >
> > PKI Solutions Inc.
> >
> > www.pkisolutions.com
> >
> > Telephone: +1 971 231 5523
> >
> > *From:* Validation [mailto:validation-bounces at cabforum.org] *On Behalf
> > Of *Rick Andrews via Validation
> > *Sent:* Wednesday, March 1, 2017 3:48 PM
> > *To:* CA/Browser Forum Validation WG List <validation at cabforum.org>
> > *Cc:* Rick Andrews <Rick_Andrews at symantec.com>
> > *Subject:* Re: [cabf_validation] Change to EV 9.2.7
> >
> > Jeremy,
> >
> > "This field MUST contain the address of the physical location of the
> > Subject's Place of Business." What does "the" mean here? Many
> > businesses have multiple physical locations. Should it be "a" instead?
> > Should we clarify that it doesn't have to be the physical location of
> > the server(s) hosting the certificate?
> >
> > -Rick
> >
> > *From:* Validation [mailto:validation-bounces at cabforum.org] *On Behalf
> > Of *Jeremy Rowley via Validation
> > *Sent:* Wednesday, February 22, 2017 11:30 PM
> > *To:* CA/Browser Forum Validation WG List <validation at cabforum.org
> > <mailto:validation at cabforum.org>>
> > *Cc:* Jeremy Rowley <jeremy.rowley at digicert.com
> > <mailto:jeremy.rowley at digicert.com>>
> > *Subject:* Re: [cabf_validation] Change to EV 9.2.7
> >
> > I've created this as ballot 191. Do we have a second endorser?
> >
> > Ballot 191 - Clarify Place of Business Information Field Inclusion
> >
> > The current EV Guidelines are not clear on what address information is
> > required in a certificate. This ballot clarifies the requirements.
> >
> > --Motion Begins--
> >
> > A. Modify Section 9.2.7 as follows:
> >
> > '''9.2.7. Subject Physical Address of Place of Business Field'''
> >
> > Certificate fields:
> >
> > Number and street: subject:streetAddress (OID: 2.5.4.9)
> >
> > City or town: subject:localityName (OID: 2.5.4.7)
> >
> > State or province (where applicable): subject:stateOrProvinceName
> > (OID: 2.5.4.8)
> >
> > Country: subject:countryName (OID: 2.5.4.6)
> >
> > Postal code: subject:postalCode (OID: 2.5.4.17)
> >
> > Required/Optional: --(City, state, and country - Required; Street and
> > postal code - Optional)-- __As stated in Section 7.1.4.2.2 d, e, f, g
> > and h of the Baseline Requirements__
> >
> > Contents: This field MUST contain the address of the physical location
> > of the Subject's Place of Business.
> >
> > --Motion Ends--
> >
> > *From:* Validation [mailto:validation-bounces at cabforum.org] *On Behalf
> > Of *Bruce Morton via Validation
> > *Sent:* Wednesday, January 25, 2017 12:51 PM
> > *To:* CA/Browser Forum Validation WG List <validation at cabforum.org
> > <mailto:validation at cabforum.org>>
> > *Cc:* Bruce Morton <Bruce.Morton at entrustdatacard.com
> > <mailto:Bruce.Morton at entrustdatacard.com>>
> > *Subject:* [cabf_validation] Change to EV 9.2.7
> >
> > To deal with the Require/Optional requirement or the Place of
> > Business, I propose a simple change which will make the EV Guidelines
> > consistent with the Baseline Requirements.
> >
> > The EV Guidelines currently state:
> >
> > *9.2.7. Subject Physical Address of Place of Business Field*
> >
> > *Certificate fields:*
> >
> > Number and street: subject:streetAddress (OID: 2.5.4.9)
> >
> > City or town: subject:localityName (OID: 2.5.4.7)
> >
> > State or province (where applicable): subject:stateOrProvinceName
> > (OID: 2.5.4.8)
> >
> > Country: subject:countryName (OID: 2.5.4.6)
> >
> > Postal code: subject:postalCode (OID: 2.5.4.17)
> >
> > *Required/Optional:* City, state, and country - Required; Street and
> > postal code - Optional
> >
> > *Contents:* This field MUST contain the address of the physical
> > location of the Subject's Place of Business.
> >
> > To address the Required/Optional issue, I propose the following change.
> >
> > *9.2.7. Subject Physical Address of Place of Business Field*
> >
> > *Certificate fields:*
> >
> > Number and street: subject:streetAddress (OID: 2.5.4.9)
> >
> > City or town: subject:localityName (OID: 2.5.4.7)
> >
> > State or province (where applicable): subject:stateOrProvinceName
> > (OID: 2.5.4.8)
> >
> > Country: subject:countryName (OID: 2.5.4.6)
> >
> > Postal code: subject:postalCode (OID: 2.5.4.17)
> >
> > *Required/Optional:* As stated in Section 7.1.4.2.2 d, e, f, g and h
> > of the Baseline Requirements
> >
> > *Contents:* This field MUST contain the address of the physical
> > location of the Subject's Place of Business.
> >
> >
> >
> > _______________________________________________
> > Validation mailing list
> > Validation at cabforum.org
> >
> https://clicktime.symantec.com/a/1/QTDGdHylrgAHYdSrrpAyqAi2GkdsHvYZ
> pp0
> >
> wbKmMrOU=?d=DV0AuJmmRxOhQE7QVtYtC7_VQbtj2zYPewfIxAVUMg2nh
> b2Uly6NTvGvSl
> > zPV7jASpxk5QuoY93BpTNkDHSQNSZCP6st9I0H5UHj3QO6ZdiHpuwSrB-
> QMxjjRPz34fBs
> > UnELLgutvxOTubuVpbW15-
> uzfAxRCAWTg5dU2hHkdOMwTg0SQxIYth27MVCZVBx3h4VbN3
> > VIvxOtBuxYjeW2_qdyo78qs58voA5l9rfjuC5hpHH04Dw-
> Y6XSUl926BvxVxkYOed6-wPC
> >
> YSULozXEwzfezwwvYZmRxu4ce18na0RXlyql9KEv1akLpesULuy6oIgIeF3DDW5
> 5f5QVtL
> >
> Uk3inEnOFa8WiByOEZ6kO330U8qo6N9zCGppjNXDNzwnaPunYSudGrIVLIjErD
> 8kqK&u=h
> > ttps%3A%2F%2Fcabforum.org%2Fmailman%2Flistinfo%2Fvalidation
> 
> --
> 
> Cordiali saluti,
> 
> Adriano Santoni
> ACTALIS S.p.A.
> (Aruba Group)



More information about the Validation mailing list