[cabf_validation] GLEIF discussion today

Ryan Sleevi sleevi at google.com
Fri Feb 15 07:49:53 MST 2019

On Thu, Feb 14, 2019 at 7:11 PM Kirk Hall via Validation <
validation at cabforum.org> wrote:

>  But I still have one question, and one suggestion.
> (1) What exactly does an LOU **do** to validate a new customer when
> validating organization and assigning an LEI number?

To echo remarks on the call, I want to emphasize that at this time, CAs
should not consider GLEIF a QIIS, for exactly this reason. I do want to
make sure this is echo'd on the public lists, since it was raised on the
call, so that there is no ambiguity.

(2) On a happier note – the ETSI group is about to bring forward a ballot
> to allow the organizationIdentifier (OI) field authorized already in X.520
> to be allowed in the SubjectDN of an EV certificate (in EVGL Section 9.2),
> along with a VAT number or PSD number.  Originally they were also
> considering an LEI, but I thought that should wait until we had more
> information.  Now that I realize CAs can securely match an LEI number to an
> EV profile, I believe we should allow all three identifiers in the upcoming
> ballot, VAT, PSD, and LEI number.  So I recommend the orgID ballot authors
> include all three identifiers to be permitted in their ballot – we would
> support that.

While I am encouraged to hear that ETSI has finally taken some of the
suggestions into consideration for how to resolve their PSD2 issue, I'm
concerned that there is still not anything of substance to discuss, given
that we've been talking about it since June of last year.

Due to such significant delays, I think it would be unreasonable to GLEIF
and ETSI to couple the ballots in such a way, especially considering the
difference in objectives, approaches, and reliance. While I think if ETSI
has a substantive ballot they'd like to propose, I do want to discourage
them from taking the advice above, as it unnecessarily couples unrelated
concepts and overloads matters in a way that would not be productive for
them, or for GLEIF, in finding a workable solution.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20190215/9438bc6f/attachment.html>

More information about the Validation mailing list