OrganizationIdentifier for Gov entities

[srdavidson]

It has been raised that it may be difficult to find identifiers for some governmental entities in the current scheme defined in Appendix A (and is largely adopted from ETSI EN 319 412-1 clause 5.1.4).

https://www.etsi.org/deliver/etsi_en/319400_319499/31941201/01.04.04_60/en_31941201v010404p.pdf

One way to deal with this is to add to Appendix A the text that is described in ETSI EN 319 412-1 clause 5.1.4 item 5 - perhaps defining a new tag like "GE". Whatever approach is adopted, we should liaise with ETSI in order to avoid complicating crossover use of OrgID by Orgs between SMIME and ETSI certificates.

[XolphinMartijn]

@srdavidson I'm inclined to say this is already covered in https://github.com/cabforum/smime/blob/main/SBR.md#71422-subject-distinguished-name-fields section 7.1.4.2.2 (d) Note 2:

"Note 2: For the following types of entities that do not have an identifier from the Registration Schemes listed in Appendix A:

• For Government Entities, the CA SHALL enter the Registration Scheme identifier ‘GOV’ followed by the 2 character ISO 3166 country code for the nation in which the Government Entity is located. If the Government Entity is verified at a subdivision (state or province) level, then a plus "+" (0x2B (ASCII), U+002B (UTF-8)) followed by a 2 character ISO 3166-2 identifier for the subdivision is added.
• For International Organization Entities, the CA SHALL enter the Registration Scheme identifier ‘INT’ followed by the ISO 3166 code "XG". An International Organization Entity is founded by a constituent document, e.g., a charter, treaty, convention or similar document, signed by, or on behalf of, a minimum of two Sovereign State governments.

For example:

• GOVUS (Government Entity, United States)
• GOVUS+CA (Government Entity, United States - California)
• INTXG (International Organization)"

I would however propose that we add this also to Appendix A, as clarification