On Wednesday, 1 February 2017 13:00:51 UTC, Kurt Roeckx wrote: > I think there are many places in Europe that have states or provinces > but where you just don't use them in an official address.
I think it must be a well-known fact by now that the X.500 system's hierarchical model is not a good fit to the real world in a variety of ways. In England (where I live) the logical thing to write in a required field saying "state" or "province" is a county. Except, England has not only ancient counties, like Yorkshire, and ceremonial counties, like Hampshire, but also modern metropolitan and non-metropolitan counties. These differ in area, and all except the ancient counties are subject to modification of their extent or outright abolition at the whim of central government. They also don't cover the whole area of England. Both the capital city and some smaller islands simply aren't in any sort of county at all. Things are, inevitably, further complicated in the other three countries that make up the United Kingdom. It is not at all uncommon to see L=London, ST=Middlesex given as an example in documentation even though the county of Middlesex was abolished in 1965, before the X.500 series was invented. So an argument could be made this is technically "wrong" but I don't think it's unclear as to which London is meant. In practice then I think we should try to ask local experts (ie people at least resident in the relevant country) when trying to judge whether the Locality and State elements of a Subject DN are acceptable for identifying the actual Subject unless it is very obvious (as with the 'test' example) that they are could not be. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
