My response would be that the OU could be a single hyphen minus, but this does not mean ‘absent’ or ’none provided’, it means the organization unit’s name is ‘-’. (Perhaps other units are called ‘•’, ‘▷’, and ‘◆’.)
It’s definitely the case that 7.1.4.2.2j does not apply to 7.1.4.2.2i, this was intentional because we did not want to require CAs to verify the names of organization units. > On Feb 19, 2019, at 6:30 PM, [email protected] wrote: > > Thank you for your confirmation. > > Is it possible that the value of OU of subject distinguished > name in a BR subscriber certificate is a single hyphen minus, > provided that the value satisfies conditions of 7.1.4.2.2.i? > -- > iida > >> Hello, >> >> Thank you for contacting the CA/B Forum. You are correct. 7.1.4.2.2.j >> applies to Subject attributes other than those listed in .a through .i, and >> the Baseline Requirements permit CAs to include Subject attributes that are >> not defined in 7.1.4.2.2 (Note that different rules apply to EV).
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
