[Smcwg-public] CommonNames, Pseudonyms, GivenNames and Surnames

Clint Wilson clintw at apple.com
Mon Jul 17 18:15:56 UTC 2023 

Hi Rob,

I think minimally filing an issue in https://github.com/cabforum/smime/issues would be a good thing to do to track this potential conflict.
FWIW, I also think the issue identified is indeed an issue (though probably not major) and your proposed updates seem reasonable to me as well.

Cheers,
-Clint

> On Jul 13, 2023, at 6:52 AM, Robert Lee via Smcwg-public <smcwg-public at cabforum.org> wrote:
> 
> Dear all,
>  
> I’m emailing because I think some further clarification may be needed in section 7.1.4.2.2(a) around commonNames as Personal Names or Pseudonyms (capital ‘P’ based on SMC03 changes).
>  
> What I think is needed is to align some of the uses of commonNames with the existing rules around if subject:pseudonym is present then subject:givenName/subject:surname SHALL NOT be present and the vice versa rule.  My understanding/assumption is that the pseudonym/givenName/surname rules are in place to make an SMIME certificate a Pseudonym cert or a Personal Name cert and not to be both at the same time (especially as putting one’s name into the cert would dramatically reduce any privacy afforded by using a Pseudonym).
>  
> However, the options for commonName in sponsor and individual validated certificates don't entirely work with the above as currently you _could_ have a subject:pseudonym and then put your Personal Name in the commonName which doesn't track with my understanding/assumption of what the pseudonym/givenName/surname rules are supposed to achieve.
>  
> I don’t think it’s a difficult thing to fix though.  Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:
>  
> “If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”
>  
> “If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”
>  
> If people broadly agree with my suggestion then I’m happy to make a PR into the BRs or somewhere else if, like SMC03, there’ll be a branch collecting changes in someone’s fork of the document.
>  
> Best Regards,
> Rob
>  
> Dr. Robert Lee MEng PhD
> Senior Software Engineer with Cryptography SME
> www.globalsign.co.uk <http://www.globalsign.co.uk/>|www.globalsign.eu <http://www.globalsign.eu/>
>  
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org>
> https://lists.cabforum.org/mailman/listinfo/smcwg-public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230717/cdc430c5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230717/cdc430c5/attachment.p7s>

More information about the Smcwg-public mailing list