On Wed, May 17, 2017 at 6:08 AM, Adriano Santoni via Public < [email protected]> wrote:
> All, would like some opinions about the following question: > Can it be considered "okay" if the streetAddress component of an OV (or > EV) certificate Subject contains some more information than it's strictly > specified (or, more exactly, exemplified) in ITU-T X.520 ? > > ITU-T X.520 (aka ISO/IEC 9594-6) reads: > "The Street Address attribute type specifies a site for the local > distribution and physical delivery in a postal address, > i.e., the street name, place, avenue and house number" > > For instance, how would you consider a street Address that, in addition to > street name and house number, also contains a country name: compliant? > non-compliant? of dubious compliance? > I would argue "of dubious compliance". More pessimistically, it seems like it would permit avoiding validating that information - that is, 3.2.2.3 has requirements about the appearance of the subject:countryName that this would seemingly be exempt from. It would also seem to attempt to bypass the 7.1.4.2.2(h) requirement. As noted, the subject:streetAddress needs to comply with 7.1.4.2.2(d), which means it must be validated in accordance with Section 3.2.2.1. I would argue that since 7.1.4.2.2(d) ["Number"], 7.1.4.2.2(e), (f), (g), and (h) all refer back to 3.2.2.1, it's meant to be the defined place to enter such information. That's my initial take, and I'm curious whether folks would disagree. I can understand how one could read X.520 and try to argue that "streetAddress" could holistically encompass all of the street address, but I think that reading would be suspect with the clear intent of the BRs in spelling out (d)-(h) as the way of encoding the information validated from 3.2.2.1, and the times in which they're required.
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
