<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 18/5/2018 2:51 πμ, Ryan Sleevi via
Public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACvaWvbDFA2pN1sPV4xDqW2QqCi75iJxJCZ1QoO4JC-zY0zw6g@mail.gmail.com">
<div dir="ltr">I don't think it's a cross-EKU situation, though,
but I'm glad we're in agreement.
<div><br>
</div>
<div>An email server certificate is an id-kp-serverAuth EKU.
That's already covered by another WG</div>
</div>
</blockquote>
<br>
I sincerely hope that id-kp-clientAuth EKU will also be covered by
this WG since there will be common validation requirements for
Subject information, as with S/MIME. It seems too much overhead to
spawn an entirely different WG to deal just with clientAuth.<br>
<br>
If people agree, how about using the name "Client and S/MIME
Certificate WG" which seems aligned with the "Server Certificate
WG"?<br>
<br>
<br>
Dimitris.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:CACvaWvbDFA2pN1sPV4xDqW2QqCi75iJxJCZ1QoO4JC-zY0zw6g@mail.gmail.com">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, May 17, 2018 at 7:49 PM, Tim
Hollebeek via Public <span dir="ltr"><<a
href="mailto:public@cabforum.org" target="_blank"
moz-do-not-send="true">public@cabforum.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="white" lang="EN-US">
<div class="gmail-m_-6651994668834345974WordSection1">
<p class="MsoNormal"><span style="color:windowtext">My
personal opinion is that cross-EKU chimeras should
not exist. I realize they’re extremely common in
the industry, but they’re bad.</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<p class="MsoNormal"><span style="color:windowtext">DigiCert
has had a long and vigorous internal discussion
about the correct number of EKUs in a certificate.
I’m a strong proponent of the “exactly one”
position, but other people have differing opinions.</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<p class="MsoNormal"><span style="color:windowtext">I
see Ryan agreeing; I think we should do whatever we
can to make sure the Working Groups have disjoint
and clearly defined scopes.</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<p class="MsoNormal"><span style="color:windowtext">-Tim</span></p>
<p class="MsoNormal"><span style="color:windowtext"> </span></p>
<div
style="border-top:none;border-right:none;border-bottom:none;border-left:1.5pt
solid blue;padding:0in 0in 0in 4pt">
<div>
<div
style="border-right:none;border-bottom:none;border-left:none;border-top:1pt
solid rgb(225,225,225);padding:3pt 0in 0in">
<p class="MsoNormal"><b><span
style="color:windowtext">From:</span></b><span
style="color:windowtext"> Moudrick M. Dadashov
[mailto:<a href="mailto:md@ssc.lt"
target="_blank" moz-do-not-send="true">md@ssc.lt</a>]
<br>
<b>Sent:</b> Thursday, May 17, 2018 7:30 PM<br>
<b>To:</b> Tim Hollebeek <<a
href="mailto:tim.hollebeek@digicert.com"
target="_blank" moz-do-not-send="true">tim.hollebeek@digicert.com</a>>;
CA/Browser Forum Public Discussion List <<a
href="mailto:public@cabforum.org"
target="_blank" moz-do-not-send="true">public@cabforum.org</a>><br>
<b>Subject:</b> Re: [cabfpub] For Discussion:
S/MIME Working Group Charter</span></p>
</div>
</div>
<div>
<div class="gmail-h5">
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12pt"><span
style="font-family:Cambria,serif">Email server
certificates not included?<br>
<br>
Thanks,<br>
M.D.</span></p>
<div>
<p class="MsoNormal">On 5/18/2018 1:49 AM, Tim
Hollebeek via Public wrote:</p>
</div>
<blockquote
style="margin-top:5pt;margin-bottom:5pt">
<p class="MsoNormal">Oops, missed a spot:</p>
<p class="MsoNormal"> </p>
<div
style="border-top:none;border-right:none;border-bottom:none;border-left:1.5pt
solid blue;padding:0in 0in 0in 4pt">
<p class="MsoNormal">1. To specify S/MIME
Baseline Requirements, Extended Validation
Guidelines, Network and Certificate System
Security Requirements, and other acceptable
practices for the issuance and management of
S/MIME certificates used to sign and encrypt
emails.</p>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
</p>
<pre>______________________________<wbr>_________________</pre>
<pre>Public mailing list</pre>
<pre><a href="mailto:Public@cabforum.org" target="_blank" moz-do-not-send="true">Public@cabforum.org</a></pre>
<pre><a href="https://cabforum.org/mailman/listinfo/public" target="_blank" moz-do-not-send="true">https://cabforum.org/mailman/<wbr>listinfo/public</a></pre>
</blockquote>
<p class="MsoNormal"> </p>
</div>
</div>
</div>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
Public mailing list<br>
<a href="mailto:Public@cabforum.org" moz-do-not-send="true">Public@cabforum.org</a><br>
<a href="https://cabforum.org/mailman/listinfo/public"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://cabforum.org/mailman/<wbr>listinfo/public</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</pre>
</blockquote>
<br>
</body>
</html>