Organization attribute from Philipp Gühring on 2008-09-08 (public-usable-authentication@w3.org from September 2008)

From: Philipp Gühring <pg@futureware.at>
Date: Mon, 08 Sep 2008 20:44:42 +0200
To: public-usable-authentication@w3.org
Message-ID: <48C5729A.9020703@futureware.at>

Hi,

"To derive a human-readable subject name from an AAC, user agents MUST
use the Subject field's Organization (O) attribute.
If the certificate's Subject field does not have an Organization
attribute, then user agents MUST NOT consider the certificate as an
augmented assurance certificate, even if it chains up to an AA-qualified
trust root. User agents MAY consider such a certificate as an ordinary
validated certificate."

The CPS's of several CA's are clearly stating that certificates for
non-registered organisations (universities, communities, partnerships,
....) or non-organisations (individuals, ...) must not contain an
Organization attribute.

Taking those 2 things together, this guideline is discriminating against
a large amount of people and institutions.

My current idea to somewhat solve this problem is to use either
Oraganization(O), or Surname(SN) + GivenName(GN) in case O is not available.

Best regards,
Philipp Gühring

Received on Tuesday, 9 September 2008 08:41:41 UTC