W3C home > Mailing lists > Public > public-usable-authentication@w3.org > September 2008

Organization attribute

From: Philipp Gühring <pg@futureware.at>
Date: Mon, 08 Sep 2008 20:44:42 +0200
Message-ID: <48C5729A.9020703@futureware.at>
To: public-usable-authentication@w3.org

Hi,

"To derive a human-readable subject name from an AAC, user agents MUST
use the Subject field's Organization (O) attribute.
If the certificate's Subject field does not have an Organization
attribute, then user agents MUST NOT consider the certificate as an
augmented assurance certificate, even if it chains up to an AA-qualified
trust root. User agents MAY consider such a certificate as an ordinary
validated certificate."

The CPS's of several CA's are clearly stating that certificates for
non-registered organisations (universities, communities, partnerships,
....) or non-organisations (individuals, ...) must not contain an
Organization attribute.

Taking those 2 things together, this guideline is discriminating against
a large amount of people and institutions.

My current idea to somewhat solve this problem is to use either
Oraganization(O), or Surname(SN) + GivenName(GN) in case O is not available.

Best regards,
Philipp Gühring
Received on Tuesday, 9 September 2008 08:41:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:15 GMT