[Servercert-wg] [EXTERNAL] State or Province

Tim Hollebeek tim.hollebeek at digicert.com
Thu Sep 12 12:51:09 MST 2019

I’m fine with that if we can come up with appropriate text.




From: Wayne Thayer <wthayer at mozilla.com> 
Sent: Thursday, September 5, 2019 7:49 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; CA/B Forum Server Certificate WG Public Discussion List <servercert-wg at cabforum.org>
Cc: Ryan Sleevi <sleevi at google.com>
Subject: Re: [Servercert-wg] [EXTERNAL] State or Province


On Thu, Sep 5, 2019 at 4:18 PM Tim Hollebeek via Servercert-wg <servercert-wg at cabforum.org <mailto:servercert-wg at cabforum.org> > wrote:

I agree that a discussion of the goals for this certificate field might help us select a list (I’d throw out that it also might not).  I personally don’t have any strong opinions on the goals, other than a desire for clear requirements and uniformity.


Regarding requirements around disclosure of reasons for violating the SHOULD, I’m curious how that would actually work at the scale required.  Especially since we have had no previous successes with that sort of requirement.  I’m worried that trying to solve that problem might unfortunately prevent progress on this important issue.



When has this type of reporting has been required in the past?


It could be as simple as updating an online doc each time an exception is made. We could also define a limited period of time when reporting is required.


There would even be value in requiring CAs to document exceptions with no reporting requirement. If the requirement was something like "MUST populate the Subject:stateOrLocality field with a valid ISO 3166-2 subdivision, or else must document that an exception was made and the reason for it", then we'd be reasonably confident that any exceptions found in CT are really problems that need to be solved (as opposed to someone just ignoring a SHOULD).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190912/49ffd608/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/servercert-wg/attachments/20190912/49ffd608/attachment.p7s>

More information about the Servercert-wg mailing list