[Smcwg-public] Same email addresses in S/MIME certs with different, and unaffiliated Subjects
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Sep 21 07:58:31 UTC 2023
On 21/9/2023 10:49 π.μ., Adriano Santoni via Smcwg-public wrote:
>
> Hi all,
>
> there is another aspect about which I have some doubts; I apologize if
> this has already been discussed previously and I missed the discussion.
>
> The same mailbox can very well (nothing prevents it) be accessible by
> two different subjects A and B who have nothing to do with each other
> (that is, are not affiliated). There are valid and understandable
> reasons why this situation occurs, in practice.
>
> But, consequently, if the validation of the mailbox is done with the
> email-based method, S/MIME certificates can be issued which contain
> the same email address but completely different and unaffiliated
> Subjects (respectively A and B).
>
> I understand that this is allowed by the S/MIME BR, if I'm not
> mistaken, and I wonder if this is expected and accepted, or it would
> be (have been) better avoided.....
>
> Any comments welcome!
>
IMO this is totally expected and accepted, same as with TLS Certificates
as you correctly mentioned.
Dimitris.
> Adriano
>
> ACTALIS S.p.A.
>
> PS: I am aware that similar situations can also occur with TLS
> certificates.
>
>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
More information about the Smcwg-public
mailing list