[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Qualified Certificates draft - Country name

To: <stefan@xxxxxxxxxxx>, <tgindin@xxxxxxxxxx>
Subject: RE: Qualified Certificates draft - Country name
From: "Bob Jueneman" <BJUENEMAN@xxxxxxxxxx>
Date: Mon, 22 Feb 1999 12:08:46 -0700
Cc: <ietf-pkix@xxxxxxx>, <samiklo@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Deja vu all over again.

As in nearly all of these issues, it is important to understand what 
you are trying to accomplish, and in particular what the semantics
are.

I can think of three or four reasons why one might want to have a country
listed in a DN:

1. To provide a globally unambiguous name or reference.  Generally 
speaking, neither corporate names nor geopolitical names are unique
across countries -- Georgia could be a state within the United States, or
a state within the former USSR. IBM Corp is probably IBM Corp 
throughout the world, because they are vigilant about enforcing their
trademark.  But if the Laird McDonald has anything to say about it,
McDonalds may be a protected name in every country but Scotland.

2.  To provide a pointer to the country where an organization is incorporated.
This is related to the unambiguous naming problem, but it may also have a legal
connotation regarding choice of laws, legal/cultural nomenclature and other
references, as well as providing some indication of where you should send any
official legal notices.  In the case of a residential person, this might be used to 
indicate the citizenship of the individual (in which case, what should be done 
about those who have dual citizenship?), which might also have legal and 
tax consequences.

3.  To define the particular location where some entity actually resides and/or 
does business.  For example, I don't believe that Novell has a subsidiary that
is incorporated in Saudi Arabia, but I wouldn't be surprised if we had a sales office
there.  Should we then say c=Saudi Arabia, o=Novell?  Probably not.  Instead,
maybe c=US, o=Novell, Inc., ou="Europe, Africa, Middle East", c=Saudi Arabia, 
ou="Sales Office 123" should be used.  In the case of a residential person, 
the country code might indicate his country of residence, at least for the purposes
of this certificate.  

If you really want to go off the deep end, consider someone 
who has dual citizenship in one of the two countries, but the other country refuses
to recognize the other country, and therefore refuses to recognize the individual's
second citizenship.  The individual maintains a primary domicile for purposes of 
taxes, driver's licenses, etc., and intends eventually to return there, but that 
domicile is in yet a third country.  The individual is presently residing in a 
fourth country on a temporary basis -- perhaps attending school there. 
But while visiting a fifth country for three months on a back-packing 
vacation with no fixed address, he decides he needs an Internet 
connection and subscribes to one located in a sixth country, which 
he accesses via an Iridium link.  What country code or codes
should he include in his qualified certificate?

Once you have answered that question, consider what to use in the 
case of a stateless person such as who was a citizen of a country which 
no longer exists, who has no permanent domicile, but who is presently 
living and working on an off-shore oil tower located in international waters.

Oh, and don't forget such interesting anomalies as the Federated Islands 
of Micronesia, which operate under a compact of free association with 
the United States, and have a postal code corresponding to that of a state 
or territory within the US, but yet they are a sovereign country.

And I haven't even mentioned international organizations, some of which 
fall under the auspices of the United Nations and some of which do not,
but yet are not subsidiaries of an organization that is incorporated in a
traditional country.  A multinational organization of scientists living in
Antarctica would be an interesting case to speculate about, for example,
in addition to NATO, the World Health Organization, etc.

What problem are you trying to solve?

Bob



>>> <tgindin@us.ibm.com> 02/22/99 10:05AM >>>
     If the major reason for DN's without country names is to allow
international organizations to avoid specifying a home country, one could
define a country code (probably "00") to mean that the organization
specified is international.  This is approximately what X.400 did with the
Administrative Management Domain field, which was originally mandatory.  If
corporations are to be permitted to declare themselves trans-national for
directory purposes (although very possibly they should not), they would get
a different numeric country code.

          Tom Gindin

These opinions are mine, and are not necessarily those of my employer.

Prev by Date: RE: Qualified Certificates draft - Country name
Next by Date: A web of directories
Previous by thread: RE: Qualified Certificates draft - Country name
Next by thread: RE: Qualified Certificates draft - Country name
Index(es):
- Date
- Thread