[Servercert-wg] [EXTERNAL] State or Province

Wayne Thayer wthayer at mozilla.com
Thu Sep 5 16:48:45 MST 2019

On Thu, Sep 5, 2019 at 4:18 PM Tim Hollebeek via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> I agree that a discussion of the goals for this certificate field might
> help us select a list (I’d throw out that it also might not).  I personally
> don’t have any strong opinions on the goals, other than a desire for clear
> requirements and uniformity.
> Regarding requirements around disclosure of reasons for violating the
> SHOULD, I’m curious how that would actually work at the scale required.
> Especially since we have had no previous successes with that sort of
> requirement.  I’m worried that trying to solve that problem might
> unfortunately prevent progress on this important issue.

When has this type of reporting has been required in the past?

It could be as simple as updating an online doc each time an exception is
made. We could also define a limited period of time when reporting is

There would even be value in requiring CAs to document exceptions with no
reporting requirement. If the requirement was something like "MUST populate
the Subject:stateOrLocality field with a valid ISO 3166-2 subdivision, or
else must document that an exception was made and the reason for it", then
we'd be reasonably confident that any exceptions found in CT are really
problems that need to be solved (as opposed to someone just ignoring a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190905/5c8d87fb/attachment.html>

More information about the Servercert-wg mailing list