<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1644852446;
mso-list-template-ids:-2006266414;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Hi Russ,<o:p></o:p></p><p class=MsoNormal>I think for the SAN extension, a clarifying statement is unnecessary as rfc822Name must unconditionally be encoded as an IA5String. I agree that such a clarification would be useful to mandate the use of UTF8String for any subject attribute that contains an email address, such as CN (except for E, which must be an IA5String).<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p class=MsoNormal>Corey<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Smcwg-public <smcwg-public-bounces@cabforum.org> <b>On Behalf Of </b>Russ Housley via Smcwg-public<br><b>Sent:</b> Friday, November 20, 2020 1:05 AM<br><b>To:</b> Stephen Davidson <Stephen.Davidson@digicert.com><br><b>Cc:</b> SMIME Certificate Working Group <smcwg-public@cabforum.org><br><b>Subject:</b> Re: [Smcwg-public] email addresses in S/MIME certificates<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>FROM RFC 5280:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal> Implementers should note that the at sign ('@') and underscore ('_')<o:p></o:p></p></div><div><p class=MsoNormal> characters are not supported by the ASN.1 type PrintableString.<o:p></o:p></p></div><div><p class=MsoNormal> These characters often appear in Internet addresses. Such addresses<o:p></o:p></p></div><div><p class=MsoNormal> MUST be encoded using an ASN.1 type that supports them. They are<o:p></o:p></p></div><div><p class=MsoNormal> usually encoded as IA5String in either the emailAddress attribute<o:p></o:p></p></div><div><p class=MsoNormal> within a distinguished name or the rfc822Name field of GeneralName.<o:p></o:p></p></div><div><p class=MsoNormal> Conforming implementations MUST NOT encode strings that include<o:p></o:p></p></div><div><p class=MsoNormal> either the at sign or underscore character as PrintableString.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Do we want to say anything about using IA5String or UTF8String?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Russ<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On Nov 19, 2020, at 5:11 PM, Stephen Davidson via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>To date our discussion related to email addresses in S/MIME has been a general reference to rfc822Name along the lines of:<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div style='margin-left:.5in'><p class=MsoNormal>Extension ID: subjectAlternateName<o:p></o:p></p></div><div style='margin-left:.5in'><p class=MsoNormal>Required?: Yes<o:p></o:p></p></div><div style='margin-left:.5in'><p class=MsoNormal>Critical: Yes if the subject is an empty sequence; otherwise, SHOULD NOT be critical<o:p></o:p></p></div><div style='margin-left:.5in'><p class=MsoNormal>Permitted Value(s): MUST contain at least one rfc822Name value. MUST NOT contain values of type: dNSName, iPAddress, uniformResourceIdentifier. otherName values (such as Microsoft UPN) MAY be included if the value is identical to an rfc822Name expressed in the SAN extension. Any rfc822Name and otherName value in the Subject DN must be repeated in the SAN extension. Each rfc822Name and otherName value must be verified with publicly documented and audited measures in accordance with Section 3.2.2.<o:p></o:p></p></div><div style='margin-left:.5in'><p class=MsoNormal>References: RFC 5280, Section 4.2.1.6<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>S/MIME and rfc822Name has enjoyed a proliferation of standards which leads to the question:<o:p></o:p></p></div><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-top:0in;margin-bottom:0in;mso-list:l0 level1 lfo1'>Do we wish to summarise those rules relating to rfc822Name in this standard or in an informative appendix?<o:p></o:p></li><li class=MsoListParagraph style='margin-top:0in;margin-bottom:0in;mso-list:l0 level1 lfo1'>Or do wish simply to provide a listing of the relevant standards?<o:p></o:p></li></ul><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>If the latter, I believe the most relevant would include RFC 5322 (internet message format, sections 3.2.3 and 3.4.1), RFC 3696 (informational, checking of names), and RFC 8398 (internationalized email addresses).<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Missing anything? Comments?<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Best regards, Stephen<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>RFC 5322: <a href="https://tools.ietf.org/html/rfc5322"><span style='color:#0563C1'>https://tools.ietf.org/html/rfc5322</span></a><o:p></o:p></p></div><div><p class=MsoNormal>RFC 3696: <a href="https://tools.ietf.org/html/rfc3696"><span style='color:#0563C1'>https://tools.ietf.org/html/rfc3696</span></a><o:p></o:p></p></div><div><p class=MsoNormal>RFC 8398:<span class=apple-converted-space> </span><a href="https://tools.ietf.org/html/rfc8398"><span style='color:#0563C1'>https://tools.ietf.org/html/rfc8398</span></a><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>_______________________________________________<br>Smcwg-public mailing list<br></span><a href="mailto:Smcwg-public@cabforum.org"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0563C1'>Smcwg-public@cabforum.org</span></a><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><br></span><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0563C1'>https://lists.cabforum.org/mailman/listinfo/smcwg-public</span></a><o:p></o:p></p></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></body></html>