[Servercert-wg] [EXTERNAL] State or Province

Doug Beattie doug.beattie at globalsign.com
Thu Sep 5 10:39:20 MST 2019

There are certainly some countries we could include in a MUST list.



From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Wayne Thayer via Servercert-wg
Sent: Thursday, September 5, 2019 1:35 PM
To: Ryan Sleevi <sleevi at google.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Subject: Re: [Servercert-wg] [EXTERNAL] State or Province


On Thu, Sep 5, 2019 at 7:54 AM Ryan Sleevi via Servercert-wg <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> > wrote:


On Thu, Sep 5, 2019 at 10:09 AM Richard Smith <rich at sectigo.com <mailto:rich at sectigo.com> > wrote:


OK, then yes, England is acceptable.  But wait, 3166-2 says England is a country.  That’s not a state or a province.  How about right below England on the page, we have England and Wales.  Is that acceptable for the ST field?  But 3166-2 says that’s a nation.  That’s not a state or a province either.  And BTW what the heck is the difference (from the perspective of this ISO standard) between a country and a nation, because I’ve always thought they were synonyms.  I guess someone, either in the UK, or over at ISO would disagree.


Right, to be clear, I agree 100% with Jeremy that we should get it to a MUST and absolutely should get consistency. The question is, as you point out, consistency "with what". The challenge is that 3166-2 includes many levels of hierarchy, not just "the immediate second".


If we can agree to some generic mapping of 3166-2 subdivisions to stateOrProvince, then there is value in adding that as a SHOULD. Linters can then start warning on this rule and provide the data we'll need to feel comfortable moving the requirement to a MUST. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190905/db5f9ac0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5701 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190905/db5f9ac0/attachment-0001.p7s>

More information about the Servercert-wg mailing list