That's accurate, but the real question goes back to a discussion we previously had at the CAB forum that I don't think was answered - what is a locality vs. a state vs. an address?
In Sept 2019, we put in code that requires this be checked against however map software defines it, allowing locality = city or county. However, before that the guidance was that locality = locality= whatever the address lookup during verification confirmed was locality. Before revoking this particular cert, I figured we needed a clear working definition on locality since I didn't want a subjective review of all certs issued prior to Sept 2019. Does anyone know of a definition to use? We (DigiCert) currently uses ISO 3166-2 to define states, but I know even that is not universally held (based on the previous discussion about adopting it as the definition). -----Original Message----- From: dev-security-policy <dev-security-policy-boun...@lists.mozilla.org> On Behalf Of George via dev-security-policy Sent: Friday, June 26, 2020 3:05 PM To: dev-security-policy@lists.mozilla.org Subject: Clear definition of a "locality" I sent a problem report to rev...@digicert.com regarding the locality field in: https://crt.sh/?q=12EC8C05667173603367E8F93B7FDCA7EC60F9838EF3B72A4483BAF48DE48F4B Jeremy Rowley replied stating that he believed the locality was correct as there was no clear definition of a locality, can we get a clear definition of this? If these are considered localities then the streetAddress field seems to be obsolete? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
