SC-87: Registration Number Improvement for EV Certificates #587
* Ballot SC-073: Compromised and Weak Keys (cabforum#500) (cabforum#509)
* Ballot SC-073: Compromised and Weak Keys (cabforum#500)
* Draft SC-073 language
* Fix link
* Update BR.md Updated version, date and revisions

---------

Co-authored-by: Wayne Thayer <wthayer@gmail.com>

* Auto-comment on new issues stating which TLS BR and EVG versions were active at the time (cabforum#521)
* Ballot SC-75 - Pre-sign linting (cabforum#527)
* Ballot SC-75 - Pre-sign linting (cabforum#518)
* Define "Linting" and relevant language in 4.3.1.2.
* Addresses cabforum#518 (comment)
* Addressing comments of the email thread https://lists.cabforum.org/pipermail/servercert-wg/2024-May/004603.html up to 2024-06-05.
* Delete duplicate text
* Update to-be-issued with to-be-signed for consistency
* Fix based on cabforum@ff98db7#r142754475
* Second fix based on cabforum@ff98db7#r142754475
* Language improvements
* Language improvements
* Fix capital first letter
  Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com>
* Fix capital first letter
  Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com>
* fix capitalization
  Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com>
* Moving to a more appropriate section based on cabforum#518 (comment)
* Moving to a more appropriate section based on cabforum#518 (comment)
* Adding suggestion for CAs to report inaccurate linting results in open-source linting projects.
* Language improvements
* Improved language for the need of Linting
  Co-authored-by: Rob Stradling <rob@sectigo.com>
* Remove double space
* Improve language
* Clarify language for linting during self-audits
  Co-authored-by: Martijn Katerbarg <martijn.katerbarg@sectigo.com>
* Fix typo
* Small language improvement
* Fix table formatting
* Fix table formatting

---------

Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com>
Co-authored-by: Rob Stradling <rob@sectigo.com>
Co-authored-by: Martijn Katerbarg <martijn.katerbarg@sectigo.com>

* Update BR.md changed version and dates as per SC75

---------

Co-authored-by: Dimitris Zacharopoulos <dzacharo@users.noreply.github.com>
Co-authored-by: Corey Bonnell <corey.j.bonnell@outlook.com>
Co-authored-by: Rob Stradling <rob@sectigo.com>
Co-authored-by: Martijn Katerbarg <martijn.katerbarg@sectigo.com>

---------

Co-authored-by: Iñigo Barreira <92998585+barrini@users.noreply.github.com>
Co-authored-by: Wayne Thayer <wthayer@gmail.com>
Co-authored-by: Martijn Katerbarg <martijn.katerbarg@sectigo.com>
Co-authored-by: Dimitris Zacharopoulos <dzacharo@users.noreply.github.com>
Co-authored-by: Rob Stradling <rob@sectigo.com>
docs/EVG.md
Outdated
| __Contents__: For Private Organizations, this field MUST contain the Registration (or similar) Number assigned to the Subject by the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration, as appropriate. If the Jurisdiction of Incorporation or Registration does not provide a Registration Number, then the date of Incorporation or Registration SHALL be entered into this field in any one of the common date formats. | ||
| __Contents__: For Private Organizations, the CA SHALL include the Registration Number that it obtained and verified in accordance with [Section 3.2.2.2.1](#32221-verification-requirements) (1.A). If the Jurisdiction of Incorporation or Registration does not provide a Registration Number, then the CA SHALL include the Date of Formation in any one of the common date formats. Effective 2025-06-15, if the CA includes the Date of Formation, then the CA MUST use the Canonical Date Representation. | ||
|
|
||
| For Government Entities, the CA SHALL include the Registration Number that it obtained and verified in accordance with [Section 3.2.2.2.1](#32221-verification-requirements) (1.B). If the Jurisdiction of Incorporation or Registration does not provide a Registration Number, then the CA SHALL include the Date of Formation in any one of the common date formats. If no verifiable Date of Formation could be obtained for the Applicant, then the CA SHALL include appropriate language to indicate that the Subject is a Government Entity (e.g., the string "Government Entity", the name or identifier of the legislative act that created the Government Entity, etc.). Effective 2025-06-15, if the CA includes the Date of Formation, then the CA MUST use the Canonical Date Representation. |
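Review bot: In both new paragraphs, the sentence allowing the Date of Formation "in any one of the common date formats" is kept with no end date, so after the effective date it still reads as permitting any common format while the closing sentence requires the Canonical Date Representation. Suggest scoping the first sentence to the period before the effective date, or merging the two sentences into one rule. These lines also use "Canonical Date Representation" as a defined term without pointing to its definition; a section reference next to the first use would help implementers and linter authors.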
I'd like to suggest pushing out this date a lot further into the future.
CAs relying on pre-validated data may need to go over all their records in order to adjust any misalignments with this new date format requirement. Seeing how we've had the EVGs for 10+ years without this as a requirement, it seems reasonable to align this effective date with the data reuse policy.
Ah, yes, I entirely agree. I thought I pushed back this date (which was included in the original proposal), but I didn't.
Does 2026-03-15 work?
I would've suggested 2026-06-15, but I can also live with March.
06-15 is fine too.
I think 2026-06-15 is a reasonable timeline for its implementation. Gives ample time to all.
| A. **Legal Existence**: Verify that the Applicant is a legally recognized Government Entity, in existence in the political subdivision in which such Government Entity operates. | ||
| B. **Entity Name**: Verify that the Applicant's formal legal name matches the Applicant's name in the EV Certificate Request. | ||
| C. **Registration Number**: The CA MUST attempt to obtain the Applicant's date of incorporation, registration, or formation, or the identifier for the legislative act that created the Government Entity. In circumstances where this information is not available, the CA MUST enter appropriate language to indicate that the Subject is a Government Entity. | ||
| C. **Registration Number or Date of Formation**: Attempt to obtain the specific Registration Number assigned to the Applicant by the Incorporating or Registration Agency in the Applicant's Jurisdiction of Incorporation or Registration. Where the Registration Agency does not assign a Registration Number, the CA SHALL attempt to obtain the Applicant's Date of Formation. |
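Review bot: The new item C only requires the CA to "Attempt to obtain" the Registration Number or Date of Formation, while the Contents text for Government Entities refers to a Registration Number "obtained and verified in accordance with" this section, and the fallback from the replaced line for unavailable information is no longer stated here. Suggest saying in this item how the value is verified and what the CA does when the attempt fails, so that the verification step and the Contents paragraph describe the same procedure. The item also opens in the imperative ("Attempt to obtain") and then switches to "the CA SHALL attempt" in its second sentence; using one form would match items A and B.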
Is it intentional that we're removing the possibility of using the legislative identifier? I'm not necessarily opposed, as most validation agents lack the necessary knowledge, and possibly access to ascertain such identifiers, but we may want to discuss this a bit.
| A. **Legal Existence**: Verify that the Applicant is a legally recognized International Organization Entity. | ||
| B. **Entity Name**: Verify that the Applicant's formal legal name matches the Applicant's name in the EV Certificate Request. | ||
| C. **Registration Number**: The CA MUST attempt to obtain the Applicant's date of formation, or the identifier for the legislative act that created the International Organization Entity. In circumstances where this information is not available, the CA MUST enter appropriate language to indicate that the Subject is an International Organization Entity. | ||
| C. **Date of Formation**: Attempt to obtain the Applicant's Date of Formation. |
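Review bot: The new item C, "Attempt to obtain the Applicant's Date of Formation", states no outcome for the case where no Date of Formation can be obtained for an International Organization Entity, a case the replaced line covered with "appropriate language to indicate that the Subject is an International Organization Entity". Suggest either keeping a fallback in this item or adding an International Organization Entity paragraph to the Contents text, which in the lines visible in this diff addresses only Private Organizations and Government Entities.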
Same question as above regarding removal of the possibility of using a legislative identifier.
| __Contents__: For Private Organizations, this field MUST contain the Registration (or similar) Number assigned to the Subject by the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration, as appropriate. If the Jurisdiction of Incorporation or Registration does not provide a Registration Number, then the date of Incorporation or Registration SHALL be entered into this field in any one of the common date formats. | ||
| __Contents__: For Private Organizations, the CA SHALL include the Registration Number that it obtained and verified in accordance with [Section 3.2.2.2.1](#32221-verification-requirements) (1.A). If the Jurisdiction of Incorporation or Registration does not provide a Registration Number, then the CA SHALL include the Date of Formation in any one of the common date formats. Effective 2026-06-15, if the CA includes the Date of Formation, then the CA MUST use the Canonical Date Representation. | ||
|
|
||
| For Government Entities, the CA SHALL include the Registration Number that it obtained and verified in accordance with [Section 3.2.2.2.1](#32221-verification-requirements) (1.B). If the Jurisdiction of Incorporation or Registration does not provide a Registration Number, then the CA SHALL include the Date of Formation in any one of the common date formats. If no verifiable Date of Formation could be obtained for the Applicant, then the CA SHALL include appropriate language to indicate that the Subject is a Government Entity (e.g., the string "Government Entity", the name or identifier of the legislative act that created the Government Entity, etc.). Effective 2026-06-15, if the CA includes the Date of Formation, then the CA MUST use the Canonical Date Representation. |
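Review bot: The pointers "(1.A)" and "(1.B)" after the Section 3.2.2.2.1 links do not line up with the verification items shown elsewhere in this diff, where for Government Entities "A." is Legal Existence, "B." is Entity Name and the Registration Number requirement is item "C.". Suggest checking each pointer against the section's final numbering so that it lands on the Registration Number item for the matching Subject type; a reader following "(1.B)" as written would arrive at a name-matching requirement rather than the rule for obtaining the number.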
If we're getting rid of the legislative identifier above, we should probably get rid of it here as well.
Resolves #515.