<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">+1<div class=""><br class=""></div><div class="">I think is important not to mix the roles of an external RA and the very common case of a restricted access for prevalidated combinations of organisational fields (O, L, ST, C) and domains.</div><div class=""><br class=""></div><div class="">At the end, the “rule of thumb” is that everything that goes in a certificate needs to be validated, either ad-hoc at the moment of issuance, either with a pre-validation strategy aimed to “Corporate” certificates.</div><div class=""><br class=""></div><div class="">BR/Pedro<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 5 Aug 2021, at 11:06, Adriano Santoni via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org" class="">smcwg-public@cabforum.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div class=""><p class=""><font face="Calibri" class="">I fully agree with Dimitris.</font></p><p class=""><font face="Calibri" class="">Thanks,</font></p><p class=""><font face="Calibri" class="">Adriano</font></p><p class=""><font face="Calibri" class=""></font><br class="">
</p>
<div class="moz-cite-prefix">Il 05/08/2021 09:55, Dimitris
Zacharopoulos (HARICA) via Smcwg-public ha scritto:<br class="">
</div>
<blockquote type="cite" cite="mid:0100017b154f2a2c-fc4a829b-dbca-4191-82c6-852965981f4f-000000@email.amazonses.com" class=""><br class="">
<br class="">
On 5/8/2021 10:39 π.μ., Wiedenhorst, Matthias via Smcwg-public
wrote:
<br class="">
<blockquote type="cite" class="">- Natural person associated with a legal
person ("Sponsored")
<br class="">
These unsurprisingly already match with the typical subject
types and for example also with the definition of possible
subject as given in ETSI EN 319 411-1.
<br class="">
In my opinion it should be up to the CA whether they want to
sell all of these profiles on a retail basis or if some are only
available through Enterprise RAs. But maybe in that case,
"Sponsored" is not the very best name for that profile
anymore...
<br class="">
</blockquote>
<br class="">
I shared that same observation at yesterday's call.
<br class="">
<br class="">
One could request a certificate that contains an organization name
and individual information in the subject, including a validated
email address. This doesn't need to be "sponsored".
<br class="">
<br class="">
Stephen mentioned that this would fit under the "individual"
profile, but with a "corporate" flavor.
<br class="">
<br class="">
The responsibility of the CA is to "bind" a key with attributes of
a specific natural person or legal entity. If the subject of the
certificate is a "natural person, associated with a legal entity",
after the CA validates control of a specific email address, the CA
would need to bind the organization attributes (countryName,
organizationName, etc) and personal attributes (givenName,
surname) with the same Applicant.
<br class="">
<br class="">
I had reservations about the "sponsored" title early in our
discussions because whether it is "sponsored" or not, from a
certificate profile perspective, is irrelevant. As Matthias
pointed out, the "sponsored" flavor is more of a "delegation of
validation duties" issue rather than a certificate profile issue.
<br class="">
<br class="">
The word "Corporate" instead of "Sponsored" and a detailed
description that it is related to an "Individual associated with
an Organization" seems preferable.
<br class="">
<br class="">
<br class="">
Thanks,
<br class="">
Dimitris.
<br class="">
_______________________________________________
<br class="">
Smcwg-public mailing list
<br class="">
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<br class="">
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
<br class="">
</blockquote>
</div>
_______________________________________________<br class="">Smcwg-public mailing list<br class=""><a href="mailto:Smcwg-public@cabforum.org" class="">Smcwg-public@cabforum.org</a><br class="">https://lists.cabforum.org/mailman/listinfo/smcwg-public<br class=""></div></blockquote></div><br class=""><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><font class="" style="color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><b class=""><font color="#f62400" class="" style="font-size: 11px;"><br class="Apple-interchange-newline">WISeKey SA<br class=""></font></b></font><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><font class="" style="color: rgb(0, 0, 0); font-size: 12px; font-weight: normal; font-style: normal;"><span class="" style="font-size: 11px;"><b class="">Pedro Fuentes<br class=""></b>CSO - Trust Services Manager</span><br class=""><font size="1" class="">Office: + 41 (0) 22 594 30 00<br class="">Mobile: + 41 (0) </font></font><span style="color: rgb(0, 0, 0); font-size: x-small; font-weight: normal; font-style: normal;" class="">791 274 790</span></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><font class=""><font size="1" class="">Address: 29, Rte de Pré-Bois - CP 853 | Geneva 1215 CH - Switzerland</font><br class=""><font size="1" class=""><b class="">Stay connected with <a href="http://www.wisekey.com" class=""><font color="#f62400" class="">WISeKey</font></a><br class=""></b></font></font><span class="" style="color: rgb(169, 169, 169); font-size: 10px; orphans: 2; widows: 2;"><br class=""></span></div><div class="" style="color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2;"><font size="1" color="#78a600" class=""><b class="">THIS IS A TRUSTED MAIL</b>: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks</font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2; font-size: 9px;"><font color="#a9a9a9" class=""><br class=""></font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">CONFIDENTIALITY: </b>This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender</font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><br class=""></font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">DISCLAIMER: </b>WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.</font></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br class=""></div></body></html>