<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Roboto;
panose-1:2 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri",sans-serif;
color:black;
font-weight:bold;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Calibri",sans-serif;
color:black;
font-weight:bold;}
span.EmailStyle22
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<h2>Minutes of SMCWG<o:p></o:p></h2>
<p class="MsoNormal">September 1, 2021<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">These are the <span style="color:windowtext">Approved</span> Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.<o:p></o:p></p>
<h3>Attendees <o:p></o:p></h3>
<h3><span style="font-size:11.0pt;font-weight:normal">Adrian Mueller (SwissSign), Ali Gholami (Telia Company), Andrea Holland (SecureTrust), Andreas Henschel (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (Mozilla), Chris Kemmerer (SSL.com), Clint Wilson
(Apple), Corey Bonnell (DigiCert), Daniel Zens (GlobalTrust), Don Sheehy (WebTrust), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (BuyPass), Mauricio Fernandez (TeleTrust),
Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Niko Carpenter (SecureTrust), Patrycja Tulinska (PSW), Paul van Brouwershaven (Entrust), Rebecca Kelley (Apple), Sebastian Schulz (GlobalSign), Stefan Selbitschka (rundQuadrat), Stephen Davidson
(DigiCert), Tadahiko Ito (SECOM Trust Systems), Thomas Connelly (Federal PKI), Tim Crawford (WebTrust), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (Federal PKI)<o:p></o:p></span></h3>
<h3>1. Roll Call<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The Roll Call was taken.<o:p></o:p></p>
<h3>2. Read Antitrust Statement<o:p></o:p></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">The Antitrust/Compliance Statement was read.<o:p></o:p></p>
<h3>3. Review Agenda<o:p></o:p></h3>
<h3>4. Approval of minutes from last teleconference<o:p></o:p></h3>
<p class="MsoNormal">The minutes of the August 18 teleconference were approved. <o:p>
</o:p></p>
<h3>5. Discussion <o:p></o:p></h3>
<p class="MsoNormal">Discussion moved to the Individual Corporate-validation profile (aka the Sponsored profile).<br>
<a href="https://docs.google.com/spreadsheets/d/1gEq-o4jU1FWvKBeMoncfmhAUemAgGuvVRSLQb7PedLU/edit#gid=0">https://docs.google.com/spreadsheets/d/1gEq-o4jU1FWvKBeMoncfmhAUemAgGuvVRSLQb7PedLU/edit#gid=0</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This profile may be used by Enterprise RAs, where Org information would be verified by the CA and individual details by the Enterprise RA.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It was agreed to adopt a more systematic “pattern” for CommonName built from either the givenName+surname or repeating the email (similar to the repeat of the O or repeating the email proposed for the Organization profile). Clint Wilson
suggested that ultimately it may be better to have a single option such as email.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It was agreed to allow Pseudonym subject to subsequent <span style="color:windowtext">
discussion</span> <span style="color:windowtext">in the Personal Individual profile and</span>
<span style="color:windowtext">of </span>verification procedures.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The use of serialNumber field was discussed at length. The serialNumber is often used by Enterprise RAs to hold employee ID, account number, etc of the individual Subject. Wendy Brown pointed out that it is often used for a DN qualifier
if multiple subjects exist with the same name. If the “EV JOI” format is used, the serialNumber would already be taken to hold info about the associated org – which is confusing. It was agreed that perhaps the best way to indicate the “vetting evidence”
would be by using the <span style="font-size:10.0pt;font-family:Roboto;background:white">
organizationalIdentifier as defined in EVG 9.2.8 and Appendix H</span>.<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Roboto;background:white"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Roboto;background:white">In Enterprise RA use, it is argued that the sponsor might be able to vouch for the OU being used for departments or even roles of the subject. At this time, the he Strict
and Multipurpose profile propose prohibiting OU. </span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It was agreed to drop the streetAddress and PostalCode from the Strict profiles.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">There was discussion surrounding the limits of “affiliation of the individual with the Org” … for example it can be straight forward for me to have an O in my personal cert reflecting my employer or perhaps a membership organisation (see
also ETSI EN 319 411-1, 5.4.2). But how about a O issuing to customers or partners? Should they be directed towards using a simpler profile like the Mailbox-validated? Should the WG define a tag or extension for external RAs? These issues will need to
be clarified in the later WG discussions of Enterprise and Delegated RA and corresponding audit.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<h3 style="mso-margin-top-alt:1.0pt;margin-right:0in;margin-bottom:1.0pt;margin-left:0in">
6. Any Other Business<o:p></o:p></h3>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">None<o:p></o:p></p>
<h3>7. Next call<o:p></o:p></h3>
<h3><span style="font-size:11.0pt;font-weight:normal">Next call: Wednesday, September 15, 2021 at 11:00 am Eastern Time
<o:p></o:p></span></h3>
<h3><span lang="DE">Adjourned</span><o:p></o:p></h3>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
</div>
</body>
</html>