<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
+1<br>
<br>
<div class="moz-cite-prefix">On 3/5/2021 9:16 PM, Russ Housley via
Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:010001793371f27f-bee495a6-3da0-441b-ae9d-2c707d22a90d-000000@email.amazonses.com">
<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On May 3, 2021, at 1:21 PM, Corey Bonnell via
Smcwg-public &lt;<a href="mailto:smcwg-public@cabforum.org"
class="" moz-do-not-send="true">smcwg-public@cabforum.org</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="WordSection1" style="page: WordSection1;
caret-color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration: none;">
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class="">Hello,</div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class="">As discussed on last
week’s call, we indicated a desire to require validation
of email addresses that are contained in a subset of SAN
types. I think we all agreed that rfc822Names must be
validated, but there was a discussion on otherNames. The
IANA registry for otherNames is located here: <a
href="https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8"
style="color: rgb(5, 99, 193); text-decoration:
underline;" class="" moz-do-not-send="true">https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8</a></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><br class=""></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class="">From this registry, the
only entry that I can see as requiring validation in an
S/MIME context is id-on-SmtpUTF8Mailbox (which I brought
up on the call); all the other ones appear to be
unrelated. Given this, I believe for the legacy profile,
we can safely state that all rfc822Names and otherNames
of type id-on-SmtpUTF8Mailbox must be validated and
otherNames of any other type do not need to be validated
(such as UPN, etc).</div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><br class=""></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class="">Thoughts?</div>
</div>
</div>
</blockquote>
<br class="">
</div>
<div>I agree that id-on-SmtpUTF8Mailbox needs to be validated, if
it is present. You can learn more about it in RFC 8398.</div>
<div><br class="">
</div>
<div>Russ</div>
<br class="">
<br>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
</blockquote>
<br>
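<div>The rule proposed in the thread above, as an added example that is not part of any message in it: a minimal pure-Python walk over a DER-encoded subjectAltName that sorts entries into those requiring mailbox validation (rfc822Name and otherName of type id-on-SmtpUTF8Mailbox) and those that do not. The function names and the sample SAN are constructed for illustration; the OID 1.3.6.1.5.5.7.8.9 is id-on-SmtpUTF8Mailbox from RFC 8398, and 1.3.6.1.4.1.311.20.2.3 is assumed here as the UPN otherName.</div>

```python
SMTP_UTF8_MAILBOX = "1.3.6.1.5.5.7.8.9"  # id-on-SmtpUTF8Mailbox (RFC 8398)
def read_tlv(buf, pos):  # read one DER TLV at pos; returns (tag, value, next_pos)
    if pos + 2 > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated or indefinite-length TLV")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length > 0x80:  # long form: low 7 bits count the length octets
        n = length - 0x80
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def oid_str(raw):  # OID content octets to dotted form
    subs, val = [], 0
    for byte in raw:
        val = val * 128 + byte % 128
        if byte // 128 == 0:  # high bit clear ends this sub-identifier
            subs, val = subs + [val], 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def classify_san(san_der):  # returns (must_validate, not_required) per the proposed rule
    tag, names, _ = read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    must, skip, pos = [], [], 0
    while pos != len(names):
        tag, val, pos = read_tlv(names, pos)
        if tag == 0x81:  # [1] rfc822Name (IA5String)
            must.append(("rfc822Name", val.decode("ascii")))
        elif tag == 0xA0:  # [0] otherName: type-id OID, then [0] EXPLICIT value
            _, oid_raw, nxt = read_tlv(val, 0)
            if oid_str(oid_raw) == SMTP_UTF8_MAILBOX:
                _, inner, _ = read_tlv(read_tlv(val, nxt)[1], 0)  # the UTF8String
                must.append(("id-on-SmtpUTF8Mailbox", inner.decode("utf-8")))
            else:
                skip.append("otherName " + oid_str(oid_raw))
        else:
            skip.append("GeneralName tag 0x%02x" % tag)
    return must, skip

# Constructed sample SAN (not from a real certificate); short-form lengths only.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body
def _other(oid_hex, text):
    return _tlv(0xA0, _tlv(0x06, bytes.fromhex(oid_hex)) + _tlv(0xA0, _tlv(0x0C, text.encode())))
SAMPLE_SAN = _tlv(0x30, _tlv(0x81, b"alice@example.com")
                  + _other("2b06010505070809", "józef@example.com")
                  + _other("2b060104018237140203", "alice@corp.example"))  # a UPN
```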
</body>
</html>