On 18/3/2017 8:02 πμ, Ryan Sleevi wrote:
On Sat, Mar 18, 2017 at 1:08 AM, Dimitris Zacharopoulos via Public
<firstname.lastname@example.org <mailto:email@example.com>> wrote:
The same might apply to Government agencies in the UK. Kirk, thank
you for the support. If members have no strong objections about
these two exceptions, we might introduce them in a future ballot.
To be clear: I think we'd strongly object for the reasons given
("because they want to"), and for the issues previously highlighted.
I support further discussion of this, and in particular, if there are
any better reasons that can be articulated, as the current one is not
sufficient relative to the trade-offs and problems it introduces. I
welcome further information that you might be able to share about this.
Let me try to provide some reasons in favor of allowing these two
1. For reasons unrelated to the CA/B Forum (political or whatever
non-technical reasons), two EU Countries have been using different
two-letter Country Identifiers in addition to the ones listed in
ISO3166-1. These exceptions have been well-defined in legal EU
documents, like the 1505/2015
implementing decision. Since these exceptions are used
Internationally, are well-defined and globally recognized, it makes
sense to allow them to be used in the webPKI as well.
2. Introducing these well-defined exceptions pose no security threat
because these identifiers are already known for so long. AFAIU, by
adding these two exceptions, no significant problems have been
identified so far in the discussion. Please note that I am not
suggesting "replacing C=GR with C=EL and C=GB with C=UK" but
allowing all of them to be acceptable.
3. There may be legal reasons for some official government agencies to
be represented by using C=EL or C=UK in the subject field. Should
the Forum prevent that? Should the Forum question these reasons?
I don't know if the Greek government has contacted ISO3166 in order to
add some text that makes an "exceptional reservation" notice for "EL"
but would this change anything? I mean "UK" is already marked as
"exceptionally reserved" but it's still not allowed in the current BRs.
I am not sure what more would you expect for this conflict to be
resolved. The Forum has been notified about this conflict and should
decide (according to the last paragraph of 9.16.3) whether to consider
possible revisions or dismiss this issue.
BTW, I tried to find the latest official version of ISO3166-1 but it is
not free, so if anyone has it and can provide any possible references to
C=EL, I'd be happy to hear.
Public mailing list