"Subject's Name" would refer to the Organization Name. We can clarify that more.
On Fri, Jun 24, 2022 at 1:47 PM Jacob Hoffman-Andrews <[email protected]> wrote:
> On Fri, Jun 24, 2022 at 12:06 PM Ben Wilson <[email protected]> wrote:
>
>> I think it would be appropriate to shield the "affiliationChanged" reason
>> code from appearing in your CRLs when you only issue DV certificates, and
>> they don't include Subject Identity Information.
>>
>
> We intend to specify the same reasonCodes in both CRLs and OCSP responses.
> The most straightforward choice would be for us to reject subscriber
> revocation requests that specify "affiliationChanged", requiring the
> subscriber to choose a more correct reasonCode. A second choice would be to
> accept those subscriber revocation requests but silently change them to
> "unspecified" before writing to our storage.
>
> - "subject's name" is not totally clear to me. From context it seems
>> like it means a subset of "subject identity information" (specifically the
>> Organization field), but that would be redundant. Alternatively, it could
>> refer to the entire Subject field (which is encoded as an X.501 Name), but
>> then "subject identity information" would be a subset of "name" and it
>> would be redundant in the other direction.
>>
>> Yes. We should have been more clear that "Subject Identity Information"
>> refers to the definition in the BRs. We can make this clearer in the
>> guidance.
>>
>
> Sounds good! What about "subject's name" - what does that refer to?
>
