[cabf_validation] Pre-Ballot Registration Agencies / Incorporating Agencies
Doug Beattie
doug.beattie at globalsign.com
Thu May 14 12:57:21 MST 2020
If you change “if known” to Optional, then I’m ok.
The accepted or allowed form or syntax of the Registration Number used by the Incorporating Agency or Registration Agency (optional)
From: Ryan Sleevi <sleevi at google.com>
Sent: Thursday, May 14, 2020 3:52 PM
To: Doug Beattie <doug.beattie at globalsign.com>
Cc: CA/Browser Forum Validation SC List <validation at cabforum.org>
Subject: Re: [cabf_validation] Pre-Ballot Registration Agencies / Incorporating Agencies
Doug,
Thanks for doing this. As I mentioned on GitHub, I think there's some misunderstanding, below.
On Thu, May 14, 2020 at 3:32 PM Doug Beattie <doug.beattie at globalsign.com <mailto:doug.beattie at globalsign.com> > wrote:
Ryan,
I posted a couple of comments in GitHub, but wanted to provide them here as well for those that may not be following this thread.
I’m OK with providing a list of Registration Agencies / Incorporating Agencies by name, but this ballot also requires CAs to define and document (in the list of disclosed Agencies) all of the following information:
1. The accepted values for the `subject:jurisdictionLocalityName` (OID: 1.3.6.1.4.1.311.60.2.1.1), `subject:jurisdictionStateOrProvinceName` (OID: 1.3.6.1.4.1.311.60.2.1.2), and `subject:jursidictionCountryName` (OID: 1.3.6.1.4.1.311.60.2.1.3) fields when a certificate is issued using information from that Incorporating Agency or Registration Agency, indicating the jurisidction(s) that the Agency is appropriate for; and,
I'm not sure why this is difficult? This is already a requirement of the EV Guidelines (that is, the values in a cert MUST be linked to the Registration Agency / Agency of Incorporation). So you're already supposed to be managing this and there should be exactly 1 value for each of these.
2. The accepted or allowed form or syntax of the Registration Number used by the Incorporating Agency or Registration Agency, if known; and,
"If known". This is optional, but it's listed so people know it's useful/important and look to collect, which a number are.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20200514/dfa9a75b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5688 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20200514/dfa9a75b/attachment.p7s>
More information about the Validation
mailing list