Hi Tim, I had thought the point of including cabfOrganizationIdentifier was to enable deprecation of subject:organizationIdentifier, rather than the inverse. It seems it would be minimally appropriate to understand the discussions and/or actions ETSI has taken post SC17 to address the topic of adoption of the CABFOrganizationIdentifier (for example, an explanation of why its adoption was rejected or additional background on why it’s unsuited for ETSI’s use-case(s)) prior to considering moving forward with such a ballot. FWIW, I attempted to find something along those lines, but was unable to (most likely due to insufficient Google-fu, but perhaps such discussions are not public or perhaps they have not occurred).
Thanks! -Clint > On Oct 11, 2023, at 12:57 PM, Tim Hollebeek via Validation > <validation@cabforum.org> wrote: > > > Ballot SC17 added the cabfOrganizationIdentifer, which duplicates the > information encoded in the subject:organizationIdentifier field, just in a > different format/encoding. The subject:orgID field is standardized by ETSI > and used in the processing of eIDAS certificates; on the other hand, to the > best of my knowledge, no software has ever been written that processes or > uses the cabfOrganzationIdentifier field. > > Is there a good reason to keep requiring the field? It was added as a > political compromise to get ballot SC17 passed, but that’s not a good reason > to keep around a clunky alternative encoding for information already present > in the certificate, in an obscure bespoke ASN.1 format that no tools support > or use. > > I’m tempted to write a quick ballot to make it optional, so CAs can start > leaving it out. > > -Tim > _______________________________________________ > Validation mailing list > Validation@cabforum.org <mailto:Validation@cabforum.org> > https://lists.cabforum.org/mailman/listinfo/validation
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Validation mailing list Validation@cabforum.org https://lists.cabforum.org/mailman/listinfo/validation
