[cabf_validation] Proposed Update to EV to include OrganisationIdentifier as per ETSI standard
Dimitris Zacharopoulos
jimmy at it.auth.gr
Mon Jun 11 05:23:00 MST 2018
According to the BRs 7.1.4.2.2:
"j. Other Subject Attributes All other optional attributes, when present
within the subject field, MUST contain information that has been
verified by the CA. Optional attributes MUST NOT contain metadata such
as '.', '-', and ' ' (i.e. space) characters, and/or any other
indication that the value is absent, incomplete, or not applicable."
This clause allows additional attributes to be added in the subjectDN
field. If there is any other clause in the BRs that forbids this or sets
additional requirements to "Other Subject Attributes" in the subjectDN,
we should also accommodate them but I think Mr. Pope's proposal is
aligned with the BRs.

During the F2F, there were valid arguments that the proposal to add the
subject:organizationIdentifier should not depend only on the PSD2 model
but should be more broadly applicable. I propose using more inclusive
language:
--- BEGIN PROPOSED TEXT ---
"Proposed additional text for CA/Browser Forum EV Guidelines section 9.2.x:
*Certificate field*: organizationIdentifier (OID 2.5.4.97)
*Required/Optional*: Optional
*Contents*: This contains subject additional registration information as
required for specific regulatory purposes other than the registration as
described in 9.2.6. This field MAY be encoded as specified in ETSI TS
119 412-1 v1.2.1 clause 5.1.4"
--- END PROPOSED TEXT ---
This text allows the subject:organizationIdentifier attribute to be used
by any Jurisdiction without enforcing specific semantics. Those that
want to additionally adhere to the PSD2 directive would request the
specific semantics per ETSI TS 119 412-1 v1.2.1 clause 5.1.4, including
the semanticsIdentifier in the QcStatements extension.
Dimitris.
On 11/6/2018 2:23 PM, Pope, Nick via Validation wrote:
>
> All,
>
> As discussed at last week’s CAB Forum plenary I would like to propose
> that the following text be added to EV Guidelines section 9.2.x:
>
> Certificate field: organizationIdentifier (OID 2.5.4.97)
>
> Required/Optional: Optional
>
> Contents: This contains subject additional registration information as
> required for specific regulatory purposes other than the registration
> as described in 9.2.6. This field shall be encoded as specified in
> ETSI TS 119 412-1 v1.2.1 clause 5.1.4. This shall not contain
> registration number from a national trade register as identified by
> “NTR” in ETSI TS 119 412-1 v1.2.1 clause 5.1.4.
>
> Before this is submitted to the main list I would welcome any
> suggestions regarding changes to this proposal to best fit in with the
> CAB Forum approach to validation.
>
> Regards
>
> Nick Pope
>
> ------------------------------------------------------------------------
>
> <http://www.thalesesecurity.com>
>
> *Nick Pope*
> Principal Consultant, Advanced Solutions Group
>
> Tel: +44 1844 203585
> Mob: +44 7880 787940
>
> <https://www.twitter.com/thalesesecurity>@thalesesecurity
>
> *Thales eSecurity*
> Meadow View House, Long Crendon
> Aylesbury HP18 9EQ
> United Kingdom
>
> <https://gdpr.thalesesecurity.com/>
>
> www.thalesesecurity.com <http://www.thalesesecurity.com>
>
>
>
> _______________________________________________
> Validation mailing list
> Validation at cabforum.org
> https://cabforum.org/mailman/listinfo/validation
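An added example, not part of the original thread and not CA/Browser Forum or ETSI code: a linter-style check that contrasts the two wordings discussed above, "shall be encoded ... shall not contain NTR" versus "MAY be encoded", together with the BR 7.1.4.2.2(j) placeholder rule. The value syntax in the regular expression (type reference, country code, hyphen, identifier) is an assumed reading of ETSI TS 119 412-1 clause 5.1.4, which this page does not quote, and the sample values are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Assumption (not quoted on this page): clause 5.1.4 values are a 3-character
# identity type reference, a 2-letter ISO 3166 country code, "-", identifier.
# The type is a keyword (VAT, NTR, PSD) or a 2-letter national scheme plus ":".
ETSI_RE = re.compile(
    r"^(?P<type>VAT|NTR|PSD|[A-Z]{2}:)(?P<country>[A-Z]{2})-(?P<ident>.+)$")

class OrgId(NamedTuple):
    type: str
    country: str
    ident: str

def parse_etsi(value: str) -> Optional[OrgId]:
    """Split an ETSI-style organizationIdentifier, or return None."""
    m = ETSI_RE.match(value)
    return OrgId(m["type"], m["country"], m["ident"]) if m else None

def is_placeholder(value: str) -> bool:
    """BR 7.1.4.2.2(j): a value made only of '.', '-' and ' ' signals 'absent'."""
    return value.strip(".- ") == ""

def check(value: str, etsi_required: bool) -> List[str]:
    """Return findings for one attribute value; an empty list means it passes.

    etsi_required=True models the 'shall' wording with its NTR exclusion;
    etsi_required=False models the 'MAY' wording, where free-form values and
    NTR-prefixed values are both acceptable.
    """
    if is_placeholder(value):
        return ["placeholder metadata"]
    findings = []
    parsed = parse_etsi(value)
    if etsi_required and parsed is None:
        findings.append("not ETSI-encoded")
    elif etsi_required and parsed.type == "NTR":
        findings.append("NTR not allowed")
    return findings

# Constructed sample values, not taken from any real certificate.
SAMPLES = ["PSDES-BDE-3DFD21", "NTRGB-12345678", "Reg 4711", " - "]

if __name__ == "__main__":
    for v in SAMPLES:
        print(repr(v), "shall:", check(v, True), "may:", check(v, False))
```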