On Tue, Jan 31, 2017 at 5:50 AM, Hubert Kario <[email protected]> wrote: > On Monday, 30 January 2017 23:48:51 CET Peter Bowen wrote: >> See notes inline about known cities with numbers in their name. >> >> On Mon, Jan 30, 2017 at 10:39 AM, Peter Bowen <[email protected]> wrote: >> > While it is very hard to validate the subject content of certificates >> > outside of DNS names, there are a number of heuristics that may be >> > useful to trigger a deeper check to ensure that the data is accurate. >> > >> > A couple of these that I've found useful are: >> > >> > 1) If stateOrProvince or Locality type attributes contain a Number, >> > this is a red flag. I've yet to find any verified legitimate case >> > where this is correct >> >> Of course I hit send and then find a least one valid cases of a number: >> >> In Egypt (EG) there is a city called "6th of October". >> >> In the Czech Republic (CZ), ISO lists some subdivisions as having >> numbers (https://www.iso.org/obp/ui/#iso:code:3166:CZ). Wikipedia >> seems to suggest that these might not be current >> (https://en.wikipedia.org/wiki/Regions_of_the_Czech_Republic), but I >> think it should be considered reasonable for a CA to rely upon ISO >> 3166. > > No, they still exist: > https://en.wikipedia.org/wiki/Prague_1 > http://www.praha1.cz/cps/index.html > (note the address at the bottom of the page)
Is the number part of the name of the stateOrProvince or is it a postalCode? I know in Dublin there were numbered "postal districts" prior to the implementation of Eircode, but the city and county are both "Dublin" not "Dublin 8" or such. > Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic Am I parsing this correctly as follows? Company: Red Hat Czech s.r.o. Street Address: Purkyňova 99/71 Postal Code: 612 45 City: Brno Country: Czech Republic Does this imply that addresses in the Czech Republic do not use a state or province? Thanks, Peter _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
