uspki / policies

Certificate Policy development and drafting for Federal Public Trust Device PKI. For more information, email fpki@gsa.gov.
https://devicepki.idmanagement.gov

Section 3 Editorial #466

Closed lachellel closed 6 years ago

lachellel commented 7 years ago

Additional comments received on Section 3

| Organization / Program | PDF Line | Comment | Change |
|---|---|---|---|
| FPKIMA | 501-502 | Organization Validation certificates are to allow consumers, partners, and other relying parties to identify the U.S. Government as the subject. Government was left out. | Add the word Government after U.S. at the end of the sentence. |
| FPKIMA | 506 | The line:<br>"If the Subject Identity Information is to include the name of our organization (o=U.S. Government)" is awkward. Just state what you mean. | Change:<br>"If the Subject Identity Information is to include the name of our organization (o=U.S. Government)"<br>to<br>"If the Subject Identity Information includes o=U.S. Government" |
| FPKIMA | 510-517 | The first item for verification doesn't really make sense since it will be a U.S. Government agency that will be making the request:<br>1. A government agency in the jurisdiction of the Applicant’s legal creation, existence, or recognition;<br>Item 3 that is not allowed should just be removed. Lines 516-517 state that the CA can use 1-4, but 3 is not allowed. | Combine items 1 and 4 (note: item 3 should just be dropped.) Change to:<br>1. An attestation letter on Government organization Letterhead signed by an individual of authority.<br>2. A third party database that is…<br>The CA may use the same documentation or communications described in 1 or 2 above...<br>In Item 1, Government organization is used, because as the Practice Note states, the application may not be an Agency. |
| FPKIMA | 514 | Since this is a first draft, probably can take out not allowed and other entries from previous versions of the BRs. | Take out not allowed entries |
| NSA | 472 | Make a statement about subscriber common names being unique. | |
| DoD | 480-483 | CPS needs to describe all procedures, not just this one. | This needs to be stated as a requirement without CPS part. Unbold the text. |
| DoD | 492, 493, 504 | The word "and" is in bold text here, but nowhere else in the document | Need to make this sentence into an actual sentence. |
| DoD | 506-508, 518-523 | The sentence on lines 506-508 along with the practice note are entirely confusing. I think the issue is the use of the word "organization" which seems to both mean the entire U.S. Government and the specific department or agency that is requesting the certificate within the same sentence. | Need to make this sentence into an actual sentence. |
| NSA | 506 | Use of the word 'our' is pretty unusual… change to 'the organization'? | |
| DoD | 515 | How is an attestation letter verified? | Need to make this sentence into an actual sentence. |
| DoD | 525 | Need to spell out DBA | Recommend combining fragment and second sentence into one complete sentence |
| DoD | 527 | Need to spell out TLD | Spell out acronym and define what a CAA is. |
| DoD | | DoDI is spelled out incorrectly | Change Department of Defense Issuances Informational (DoDI) 8410 to the correct citation "Department of Defense Instruction (DoDI) 8410.01" |
| DoD | 555 | First time the acronym is used | |
| DoD | 575-576 | Sentence fragment | Replace "No stipulation" with "See section 4.9." |
| DoD | 603-605 | Sentence fragment | Fix sentence for correctness, either by removing the term "technically constrained" or by saying that CAs that issue certificates under this CP are technically constrained. |
| DoD | 607-608 | Sentence fragment | Reword as "Modification is defined as the re-issuance of a certificate with the same public key and validity period and changes to other information contained in the certificate such as identity, policies, or key usage." |
| NSA | 628 | 'the CA or affiliated government agencies', isn't this everybody? Who else would have a 'Reliable Data Source', if we ruled out all of government? limit 'affiliated government agencies' to those running the PKI. | |
| DoD | 675-678 | A CA cannot control who issues it a certificate. Trust is limited by not issuing certificates. | Delete this sentence |
| DoD | 681-684 | Delete these subsections | Delete the "No stipulation" text, and delete the parentheses and "Note" from the stipulation, just state the text contained in the note. |

lachellel commented 6 years ago

All items addressed with change or no change.

specific comments:

lachellel commented 6 years ago

closed by PR #498