Ballot SC17 added the cabfOrganizationIdentifer, which duplicates the information encoded in the subject:organizationIdentifier field, just in a different format/encoding. The subject:orgID field is standardized by ETSI and used in the processing of eIDAS certificates; on the other hand, to the best of my knowledge, no software has ever been written that processes or uses the cabfOrganzationIdentifier field.
Is there a good reason to keep requiring the field? It was added as a political compromise to get ballot SC17 passed, but that's not a good reason to keep around a clunky alternative encoding for information already present in the certificate, in an obscure bespoke ASN.1 format that no tools support or use. I'm tempted to write a quick ballot to make it optional, so CAs can start leaving it out. -Tim
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Validation mailing list [email protected] https://lists.cabforum.org/mailman/listinfo/validation
