[cabf_validation] EVG 9.8.2. cabfOrganizationIdentifier

Tim Hollebeek tim.hollebeek at digicert.com
Wed Oct 11 19:57:31 UTC 2023


Ballot SC17 added the cabfOrganizationIdentifer, which duplicates the
information encoded in the subject:organizationIdentifier field, just in a
different format/encoding.  The subject:orgID field is standardized by ETSI
and used in the processing of eIDAS certificates; on the other hand, to the
best of my knowledge, no software has ever been written that processes or
uses the cabfOrganzationIdentifier field.


Is there a good reason to keep requiring the field?  It was added as a
political compromise to get ballot SC17 passed, but that's not a good reason
to keep around a clunky alternative encoding for information already present
in the certificate, in an obscure bespoke ASN.1 format that no tools support
or use.


I'm tempted to write a quick ballot to make it optional, so CAs can start
leaving it out.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20231011/4a1e134b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5231 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/validation/attachments/20231011/4a1e134b/attachment.p7s>

More information about the Validation mailing list