On Fri, Nov 3, 2017 at 2:37 PM, Peter Bowen via Public <[email protected]> wrote:
> What do others think? Is it reasonable to allow DV certificates with > countryName in the subject? > I think this is a reasonable and good path forward. I would like it if we could choose a value for countryName that would mean "no country asserted." While it's fairly straightforward to pick a country based on geolocating the IP address of the subscriber, or the IP address of a server involved in validation (if there is one), this introduces otherwise-unnecessary code for DV CAs. Also, the result of IP geolocation will frequently misrepresent what the subscriber thinks of as their country, in particular because many people use cloud services in another country. I expect this difference would lead to an unnecessarily large customer support burden. For instance, we could choose QQ from the user-assigned code elements of ISO-3166 <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#User-assigned_code_elements> to mean "no country asserted."
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
