-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FR: Detect country name in stateOrProvinceName #597
Comments
Can you suggest something specific here that you think we're missing? What requirements in BRs, RFCs, or root programs are not being checked today? As stated, I think that this issue is too broad to be readily addressable (or for us to even know if there is something to fix in ZLint). |
This is not explicitly a requirement of the BRs. I think this is WontFix for now, or at best a request for a The context here is the issue around |
The requirement, FWIW, is 7.1.4.2.2(e) of the current requirements. |
Maybe a better solution would be to detect the full country name in
I understand it as if and only if, so putting the country name |
What data source would be used to compare this information to? |
They are on Wikipedia and in the ISO norm. That norm is not free, but they kindly provide sources like in https://www.iso.org/obp/ui/#iso:code:3166:PL, so List source, so it could be rebuilt from source. |
The PKI Consortium would like to bring the following lint to your attention: The initial goal of the lint is to identify incorrect values by combining multiple authoritative data sources. Currently the data is obtained directly from the European Union and combined with data from the ISO 3166-2. We also created a runner to test the lint against the crt.sh database: The systems can support additional sources, including a manual source, but the process for manually adding and reviewing entries has not been defined. The intent is that we have multiple region owners that need to verify the regional data changes with the official government data before the approving. https://github.com/pkic/regions/ Together with the Universal Postal Union (a United Nations specialized agency) we are discussing common problems, best practices, and to see if we can extend the capabilities into locality, postal codes, and actual addresses where applicable. The PKI Consortium is comprised of leading organizations that are committed to improve, create, and collaborate on generic, industry or use-case specific policies, procedures, best practices, standards, and tools that advance trust in assets and communication for everyone and everything using Public Key Infrastructure (PKI) as well as the security of the internet in general. We welcome and encourage anyone that can add value to join us to support projects like these and others: https://pkic.org/join/ |
Why do all provinces have |
When you look at the data you can see the following: # Holy Cross
- codes:
euvoc: http://eurovoc.europa.eu/7971
iso3166-2: PL-26
names:
- name: Holy Cross
sources:
- name: euvoc
languages: [en]
value: Holy Cross province The codes on the first lines map back to the source of the information. As you can see in the authoritative data source (http://eurovoc.europa.eu/7971) these values are reported as such by the local governments. We retain the original value under |
The data is not even consistent. Some entries have
|
I think the last few comments are probably better captured as issues/discussion on the https://github.com/pkic/regions/ repository instead of here. Thanks! |
This project is in active development, we are reviewing the data and results, so we really appreciate all feedback. You always need check it in relation to the authoritative source.
Let have these discussions about the pkic/regions project/data directly at the repository as @cpu suggested. |
I think a basic warning level lint for a country name appearing in the A warning here would still be benefical here though, and given there is a list of country names available (even if there isn't a list including every variation of the name, we only need a few common ones to warn here) perhaps it could give CAs a starting point to investigate their ST values further to see if some level of misissuance is occuring. |
@FozzieHi For a "warning level lint for a country name appearing in the stateOrProvinceName field", how would you handle name collisions? For example, "Georgia" is both a State in the U.S. and a Country in Europe. |
@robstradling The simple way would be to tie the country name in the ST field to the |
There have been many cases of misissuance with an invalid
stateOrProvinceName
. Having a lint warning for that would help detect them.The text was updated successfully, but these errors were encountered: