View Issue Details

IDProjectCategoryView StatusLast Update
000999010000-012: DiscoverySpecpublic2025-02-25 16:32
ReporterMatthias Damm Assigned ToRandy Armstrong  
PrioritynormalSeverityminorReproducibilityhave not tried
Status assignedResolutionreopened 
Product Version1.05.04 
Target Version1.05.05 RC1 
Summary0009990: Inconsistent SubjectName requirements in Part 12 and Part 6
Description

There are inconsistent requirements for SubjectName in an Application Instance Certificate in Part 6 and Part 12

Part 6
Table 49 – Application Instance Certificate
subject requires CN and O (CommonName and Organization)
The Common Name attribute shall be specified and should be the productName or a suitable equivalent. The Organization Name attribute shall be the name of the Organization that executes the application instance. This organization is usually not the vendor of the application

Part 12
7.9.4 StartNewKeyPairRequest
Requires O or DC
If the certificateType is a subtype of ApplicationCertificateType the Certificate subject shall have an organization (O=) or domain name (DC=) field. The public key length shall meet the length restrictions for the CertificateType. The domain name field specified in the subject is a logical domain used to qualify the subject that may or may not be the same as a domain or IP address in the subjectAltName field of the Certificate.

I am not even sure where the strange text for DC is coming from and what use case it should cover

TagsNo tags attached.
Commit Version1.05.05
Fix Due Date2025-03-15

Relationships

related to 0009989 assignedRandy Armstrong 10000-006: Mappings Application Instance Certificate requirement for subject name should not refer to ProductName 
related to 0009624 resolvedMatthias Damm 10000-018: Role-Based Security Clarification for 'SubjectName' in Part 18 

Activities

Randy Armstrong

2024-12-06 03:23

administrator   ~0022187

Now require compliance with 4514.

Matthias Damm

2024-12-10 14:49

developer   ~0022204

This was NOT a request to introduce a breaking change for the string format that makes all existing applications incompatible with the specification!
The request was to sync requirements for mandatory fields in the Subject.

The proposed change does NOT address the issue. Besides the breaking change we are now silent about required fields.

Jim Luth

2024-12-17 16:59

administrator   ~0022228

Randy backed out his changes. Setting to assigned.

Jim Luth

2025-02-25 16:19

administrator   ~0022406

Last edited: 2025-02-25 16:22

Agreed to match the Part 12 requirements to match the existing Part 6 requirements plus the changes implied by 0009989.

Issue History

Date Modified Username Field Change
2024-10-22 12:00 Matthias Damm New Issue
2024-10-22 12:01 Matthias Damm Relationship added related to 0009989
2024-12-06 03:23 Randy Armstrong Assigned To => Randy Armstrong
2024-12-06 03:23 Randy Armstrong Status new => resolved
2024-12-06 03:23 Randy Armstrong Resolution open => fixed
2024-12-06 03:23 Randy Armstrong Note Added: 0022187
2024-12-06 09:40 Randy Armstrong Commit Version => 1.05.05 RC1
2024-12-10 14:49 Matthias Damm Status resolved => feedback
2024-12-10 14:49 Matthias Damm Resolution fixed => reopened
2024-12-10 14:49 Matthias Damm Note Added: 0022204
2024-12-17 16:59 Jim Luth Note Added: 0022228
2024-12-17 17:01 Jim Luth Status feedback => assigned
2025-02-25 08:06 Matthias Damm Relationship added related to 0009624
2025-02-25 16:19 Jim Luth Note Added: 0022406
2025-02-25 16:19 Jim Luth Commit Version 1.05.05 RC1 => 1.05.05
2025-02-25 16:19 Jim Luth Fix Due Date => 2025-03-15
2025-02-25 16:22 Jim Luth Note Edited: 0022406