[cabf_validation] OrganisationIdentifier mandated by ETSI TSt119 495

Jeremy Rowley jeremy.rowley at digicert.com
Tue Nov 20 17:24:23 MST 2018


If it's not necessarily for browser use, does that matter? If it is for browser use, then we can define standards for it. For example, gleif has an oid for lei. Only thing stopping its use is the cab forum because of the odd rule regarding inclusion. Wouldn't hurt anyone if it was included and the lack of permission to include it hinders adoption by browsers who may want to use it. If the browsers or CAs care about the validation of a particular field, defining criteria is easy.
________________________________
From: Wayne Thayer <wthayer at mozilla.com>
Sent: Tuesday, November 20, 2018 4:13:12 PM
To: Jeremy Rowley
Cc: CA/Browser Forum Validation WG List; Ryan Sleevi; Doug Beattie
Subject: Re: [cabf_validation] OrganisationIdentifier mandated by ETSI TSt119 495

There are no standards for verifying arbitrary subject attributes, so each CA will make up their own policies and the information in those fields will be inconsistent, at best.

On Tue, Nov 20, 2018 at 5:04 PM Jeremy Rowley <jeremy.rowley at digicert.com<mailto:jeremy.rowley at digicert.com>> wrote:
The level of verification is different.  As long as all information is verified to the relevant standard, what's the risk of including additional subject fields?
________________________________
From: Wayne Thayer <wthayer at mozilla.com<mailto:wthayer at mozilla.com>>
Sent: Tuesday, November 20, 2018 4:02:54 PM
To: Jeremy Rowley
Cc: CA/Browser Forum Validation WG List; Ryan Sleevi; Doug Beattie
Subject: Re: [cabf_validation] OrganisationIdentifier mandated by ETSI TSt119 495

By that logic, OV certs are as good as EV - the information is all verified.

On Tue, Nov 20, 2018 at 3:49 PM Jeremy Rowley <jeremy.rowley at digicert.com<mailto:jeremy.rowley at digicert.com>> wrote:
Why is it dangerous? These are subject fields. What's the risk in permitting them of they are verified?
________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20181121/ecb8a185/attachment-0001.html>


More information about the Validation mailing list