[cabf_validation] [EXTERNAL]Re: Other Subject Attributes

Wayne Thayer wthayer at mozilla.com
Wed Feb 27 13:38:21 MST 2019


Thanks again for the careful read, Doug. This will be fixed in the ballot I
post for the review period.

On Wed, Feb 27, 2019 at 1:30 PM Doug Beattie <doug.beattie at globalsign.com>
wrote:

> Hi Wayne,
>
> You’re still missing “only” in 7.1.4.2, it should be (from github):
>
> Subject attributes MUST NOT contain only metadata such as '.', '-', and ' '
> (i.e. space) characters, and/or any other indication that the value is
> absent, incomplete, or not applicable.
>
> The rest looks good though!
>
> In github the formatting of the items a-j in 7.1.4.2.2. is a bit messed
> up, but that’s a problem for another day.
>
> *From:* Wayne Thayer <wthayer at mozilla.com>
> *Sent:* Wednesday, February 27, 2019 2:34 PM
> *To:* Doug Beattie <doug.beattie at globalsign.com>
> *Cc:* CA/Browser Forum Validation WG List <validation at cabforum.org>
> *Subject:* Re: [cabf_validation] [EXTERNAL]Re: Other Subject Attributes
>
> Thanks Doug. Here is an updated ballot that should now match the redline:
>
> Ballot SC16: Other Subject Attributes
>
> Purpose of Ballot:
>
> This ballot intends to clarify requirements placed on Subject attributes
> in Subscriber certificates in BR section 7.1.4.2 and EVGL section 9.2.8.
> Specifically, Subject fields must contain more than just metadata if they
> are present in a certificate. OU fields are permitted in EV certificates,
> but no unspecified Subject attributes are permitted.
>
>
> The following motion has been proposed by Wayne Thayer of Mozilla and
> endorsed by Doug Beattie of GlobalSign and Tim Hollebeek of DigiCert.
>
>
> -- MOTION BEGINS --
>
> This ballot modifies the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted Certificates” as follows, based on Version
> 1.6.3:
>
> Capitalize the heading of Baseline Requirements section 7.1.4 Name Forms
>
> Add a second paragraph to Baseline Requirements section 7.1.4.2 as follows:
>
> Subject attributes MUST NOT contain metadata such as '.', '-', and ' '
> (i.e. space) characters, and/or any other indication that the value is
> absent, incomplete, or not applicable.
>
> Replace Baseline Requirements section 7.1.4.2.2(j.), in its entirety, with
> the following text:
>
> j. Other Subject Attributes
>
> Other attributes MAY be present within the subject field. If present,
> other attributes MUST contain information that has been verified by the CA.
>
> ----
>
> This ballot modifies the “Guidelines For The Issuance And Management Of
> Extended Validation Certificates” as follows, based on Version 1.6.8:
>
> Replace EV Guidelines section 9.2.8, in its entirety, with the following
> text:
>
> 9.2.8. Subject Organizational Unit Name Field
>
> Certificate field: subject:organizationalUnitName (OID 2.5.4.11)
>
> Required/Optional: Optional
>
> Contents: The CA SHALL implement a process that prevents an OU attribute
> from including a name, DBA, tradename, trademark, address, location, or
> other text that refers to a specific natural person or Legal Entity unless
> the CA has verified this information in accordance with Section 11. This
> field MUST NOT contain only metadata such as '.', '-', and ' ' (i.e. space)
> characters, and/or any other indication that the value is absent,
> incomplete, or not applicable.
>
> Add EV Guidelines section 9.2.9, with the following text:
>
> 9.2.9. Other Subject Attributes
>
> CAs SHALL NOT include any Subject attributes except as specified in
> Section 9.2.
>
>
> -- MOTION ENDS --
>
> *** WARNING ***: USE AT YOUR OWN RISK.  THE REDLINE BELOW IS NOT THE
> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
> A comparison of the changes can be found at:
> https://github.com/wthayer/documents/compare/master...wthayer:EV-Subject-Information
>
> The procedure for approval of this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: TBD UTC
>
> End Time: TBD UTC
>
> Vote for approval (7 days)
>
> Start Time: TBD
>
> End Time: TBD
>
> On Wed, Feb 27, 2019 at 10:11 AM Doug Beattie <doug.beattie at globalsign.com>
> wrote:
>
> Wayne,
>
> The contents of the ballot do not match the github contents.  I’m OK
> with the github, but the body of this ballot needs a couple of changes.
>
> https://github.com/wthayer/documents/compare/master...wthayer:EV-Subject-Information
>
> Doug