[cabf_validation] EVG 9.8.2. cabfOrganizationIdentifier

Clint Wilson clintw at apple.com
Wed Oct 11 20:47:44 UTC 2023


Hi Tim,

I had thought the point of including cabfOrganizationIdentifier was to enable deprecation of subject:organizationIdentifier, rather than the inverse. It seems it would be minimally appropriate to understand the discussions and/or actions ETSI has taken post SC17 to address the topic of adoption of the CABFOrganizationIdentifier (for example, an explanation of why its adoption was rejected or additional background on why it’s unsuited for ETSI’s use-case(s)) prior to considering moving forward with such a ballot. 
FWIW, I attempted to find something along those lines, but was unable to (most likely due to insufficient Google-fu, but perhaps such discussions are not public or perhaps they have not occurred).

Thanks!
-Clint

> On Oct 11, 2023, at 12:57 PM, Tim Hollebeek via Validation <validation at cabforum.org> wrote:
> 
>  
> Ballot SC17 added the cabfOrganizationIdentifier, which duplicates the information encoded in the subject:organizationIdentifier field, just in a different format/encoding.  The subject:orgID field is standardized by ETSI and used in the processing of eIDAS certificates; on the other hand, to the best of my knowledge, no software has ever been written that processes or uses the cabfOrganizationIdentifier field.
>  
> Is there a good reason to keep requiring the field?  It was added as a political compromise to get ballot SC17 passed, but that’s not a good reason to keep around a clunky alternative encoding for information already present in the certificate, in an obscure bespoke ASN.1 format that no tools support or use.
>  
> I’m tempted to write a quick ballot to make it optional, so CAs can start leaving it out.
>  
> -Tim
