[Smcwg-public] CommonNames, Pseudonyms, GivenNames and Surnames
Clint Wilson
clintw at apple.com
Mon Jul 17 18:15:56 UTC 2023
Hi Rob,
I think minimally filing an issue in https://github.com/cabforum/smime/issues would be a good thing to do to track this potential conflict.
FWIW, I also think the issue identified is indeed an issue (though probably not major) and your proposed updates seem reasonable to me as well.
Cheers,
-Clint
> On Jul 13, 2023, at 6:52 AM, Robert Lee via Smcwg-public <smcwg-public at cabforum.org> wrote:
>
> Dear all,
>
> I’m emailing because I think some further clarification may be needed in section 7.1.4.2.2(a) around commonNames as Personal Names or Pseudonyms (capital ‘P’ based on SMC03 changes).
>
> What I think is needed is to align some of the uses of commonNames with the existing rules around if subject:pseudonym is present then subject:givenName/subject:surname SHALL NOT be present and the vice versa rule. My understanding/assumption is that the pseudonym/givenName/surname rules are in place to make an SMIME certificate a Pseudonym cert or a Personal Name cert and not to be both at the same time (especially as putting one’s name into the cert would dramatically reduce any privacy afforded by using a Pseudonym).
>
> However, the options for commonName in sponsor and individual validated certificates don't entirely work with the above as currently you _could_ have a subject:pseudonym and then put your Personal Name in the commonName which doesn't track with my understanding/assumption of what the pseudonym/givenName/surname rules are supposed to achieve.
>
> I don’t think it’s a difficult thing to fix though. Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:
>
> “If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”
>
> “If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”
>
> If people broadly agree with my suggestion then I’m happy to make a PR into the BRs or somewhere else if, like SMC03, there’ll be a branch collecting changes in someone’s fork of the document.
>
> Best Regards,
> Rob
>
> Dr. Robert Lee MEng PhD
> Senior Software Engineer with Cryptography SME
> www.globalsign.co.uk <http://www.globalsign.co.uk/>|www.globalsign.eu <http://www.globalsign.eu/>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org>
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
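The two lines proposed in the quoted message, written as a pre-issuance subject check; this is an added example and is not part of the email thread or any CA/Browser Forum or GlobalSign code. The `cn_kind` argument is an assumption: it stands for the CA's own validation record of what the commonName holds, since the certificate does not encode that.

```python
# Added example: pre-issuance check of S/MIME subject attributes.
# Assumption: cn_kind comes from the CA's validation record and is one of
# "personal_name", "pseudonym" or "other" (hypothetical labels).

def check_subject(subject, cn_kind, proposed=True):
    """Return a list of rule violations for a subject attribute dict."""
    has_pseudonym = "pseudonym" in subject
    has_name_attr = "givenName" in subject or "surname" in subject
    violations = []

    # Existing rule described in the thread: pseudonym and
    # givenName/surname are mutually exclusive.
    if has_pseudonym and has_name_attr:
        violations.append("pseudonym present with givenName/surname")

    if proposed:
        # Proposed line 1: commonName holds a Pseudonym.
        if cn_kind == "pseudonym" and has_name_attr:
            violations.append(
                "commonName is a Pseudonym but givenName/surname present")
        # Proposed line 2: commonName holds a Personal Name.
        if cn_kind == "personal_name" and has_pseudonym:
            violations.append(
                "commonName is a Personal Name but pseudonym present")
    return violations


# Constructed sample subjects (not taken from real certificates).
NAME_IN_CN = {"commonName": "Jane Example", "pseudonym": "nightowl"}
PSEUDONYM_IN_CN = {"commonName": "nightowl",
                   "givenName": "Jane", "surname": "Example"}
CLEAN_PSEUDONYM = {"commonName": "nightowl", "pseudonym": "nightowl"}

if __name__ == "__main__":
    for subject, kind in [(NAME_IN_CN, "personal_name"),
                          (PSEUDONYM_IN_CN, "pseudonym"),
                          (CLEAN_PSEUDONYM, "pseudonym")]:
        print(subject["commonName"], kind,
              "existing:", check_subject(subject, kind, proposed=False),
              "proposed:", check_subject(subject, kind, proposed=True))
```

Running with `proposed=False` shows the mixed subjects passing under the existing attribute rule alone, which is the conflict the message describes.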