On 2016-08-16 21:42, Kathleen Wilson wrote:
Root Certificates:
Autoridad de Certificacion Firmaprofesional CIF A62634068
[...]
2) jurisdictionOfIncorporation should be PrintableString coded, but we
code it in UTF8: we fail to understand this requirement when UTF8 is
more recent and to encode that particular field with UTF8 will not cause
any interoperability problems: coding that ISO country information in
the jurisdictionOfIncorporation field with UTF8 or PrintableString will
result in the same data, so we do not see the of using an old
codification like PrintableString instead of the more recent and mainly
recommended UTF8.
So much comes the international trend to use UTF8 that some
manufacturers, such as PrimeKey with EJBCA, is the one and only that is
allowed for "custom extensions" and do not allow PrintableString in its
Community Edition.
I don't think there is a jurisdictionOfIncorporation, but there are:
- jurisdictionLocalityName
- jurisdictionStateOrProvinceName
- jurisdictionCountryName
Only jurisdictionCountryName should be a PrintableString, it's the only
option that's allowed, it just contains the 2 character country code
that can always be encoded as a PrintableString. For the other UTF-8 is
fine.
If EJBCA doesn't let you use PrintableString for it, it is open source,
you can modify it yourself.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
