[Servercert-wg] [EXTERNAL] State or Province

Ryan Sleevi sleevi at google.com
Thu Sep 5 11:35:27 MST 2019

On Thu, Sep 5, 2019 at 2:21 PM Erwann Abalea <Erwann.Abalea at docusign.com>

> The point here is that ISO3166-x is not purely technical, it’s also
> politically tainted. How to use 3166-1 is already not clearly defined (the
> text present in the BR doesn’t cover all cases), I don’t think adding a
> MUST related to 3166-2 will solve anything.

Sure, but that's true of anything geographic or jurisdictional based,
because those are inherently political questions.

I don't think you can say it wouldn't solve anything; very clearly, it
would give consistency. I understand your argument may be that consistency
is undesirable, because the flexibility afforded CAs today allows them to
make up the rules as they go based on the political whims and fashion of
the time, but ostensibly, that flexibility is a problem.

To move the discussion forward, more concretely, what would you advocate as
a solution to ensure that, for a given organization, it can be reliably and
consistently encoded independent of the factors with respect to the
validation agent performing the validation, the CA issuing the certificate,
and the QIIS/QGIS used? If there are other options, like what Joanna
highlighted, we absolutely should be talking about them. But we can't just
throw our hands up, embrace nihilism, and say "This is hard!"

If we wanted to embrace that nihilism, we'd stop issuing certs with those
fields entirely. Yet that seems like for some CAs and subscribers, it would
cause as many or more problems than it solves. So let's try to solve the
simple problem of consistency, and suggestions you have to improve that are
truly welcome.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190905/b5014fa9/attachment.html>

More information about the Servercert-wg mailing list