[cabf_validation] Pre-Ballot Registration Agencies / Incorporating Agencies

Tim Hollebeek tim.hollebeek at digicert.com
Tue May 19 13:15:40 MST 2020 

I think that’s a useful improvement.  What precisely it means for a large organization to “know” something has caused problems in the past.

 

-Tim

 

From: Validation <validation-bounces at cabforum.org> On Behalf Of Doug Beattie via Validation
Sent: Thursday, May 14, 2020 3:57 PM
To: Ryan Sleevi <sleevi at google.com>
Cc: CABforum3 <validation at cabforum.org>
Subject: Re: [cabf_validation] Pre-Ballot Registration Agencies / Incorporating Agencies

 

If you change “if known” to Optional, then I’m ok.

 

The accepted or allowed form or syntax of the Registration Number used by the Incorporating Agency or Registration Agency (optional)

 

From: Ryan Sleevi <sleevi at google.com <mailto:sleevi at google.com> > 
Sent: Thursday, May 14, 2020 3:52 PM
To: Doug Beattie <doug.beattie at globalsign.com <mailto:doug.beattie at globalsign.com> >
Cc: CA/Browser Forum Validation SC List <validation at cabforum.org <mailto:validation at cabforum.org> >
Subject: Re: [cabf_validation] Pre-Ballot Registration Agencies / Incorporating Agencies

 

Doug,

 

Thanks for doing this. As I mentioned on GitHub, I think there's some misunderstanding, below.

 

On Thu, May 14, 2020 at 3:32 PM Doug Beattie <doug.beattie at globalsign.com <mailto:doug.beattie at globalsign.com> > wrote:

Ryan,

 

I posted a couple of comments in GitHub, but wanted to provide them here as well for those that may not be following this thread.

 

I’m OK with providing a list of Registration Agencies / Incorporating Agencies by name, but this ballot also requires CAs to define and document (in the list of disclosed Agencies) all of the following information:

 

1.	The accepted values for the `subject:jurisdictionLocalityName` (OID: 1.3.6.1.4.1.311.60.2.1.1), `subject:jurisdictionStateOrProvinceName` (OID: 1.3.6.1.4.1.311.60.2.1.2), and `subject:jursidictionCountryName` (OID: 1.3.6.1.4.1.311.60.2.1.3) fields when a certificate is issued using information from that Incorporating Agency or Registration Agency, indicating the jurisidction(s) that the Agency is appropriate for; and,

 

I'm not sure why this is difficult? This is already a requirement of the EV Guidelines (that is, the values in a cert MUST be linked to the Registration Agency / Agency of Incorporation). So you're already supposed to be managing this and there should be exactly 1 value for each of these.

 

2.	The accepted or allowed form or syntax of the Registration Number used by the Incorporating Agency or Registration Agency, if known; and,

"If known". This is optional, but it's listed so people know it's useful/important and look to collect, which a number are.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/validation/attachments/20200519/b9b38f15/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/validation/attachments/20200519/b9b38f15/attachment.p7s>

More information about the Validation mailing list