<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 12/11/2021 6:03 PM, Stephen
Davidson wrote:<br>
</div>
<blockquote type="cite"
cite="mid:BL1PR14MB514341BC5301D189EB654BA9E5959@BL1PR14MB5143.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Thank you Dimitris. <o:p></o:p></p>
<p class="MsoNormal">The current draft language for the S/MIME
BR is at <a
href="https://github.com/cabforum/smime/blob/preSBR/SBR.md#715--name-constraints"
moz-do-not-send="true" class="moz-txt-link-freetext">
https://github.com/cabforum/smime/blob/preSBR/SBR.md#715--name-constraints</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
Hi Stephen,<br>
<br>
Reading the challenges described in past discussions, are we sure we
want to add a requirement for directoryName constraints in
S/MIME-capable Technically constrained subCA Certificates? Would it
be easy for such a subCA to issue an end-entity certificate that
includes the subject: "C=US,CN=John Doe,Email=john.doe@example.com"?<br>
<br>
Perhaps we should avoid setting requirements for directoryName
constraints at the first version of the SMBRs.<br>
<br>
I'm also having trouble following the connection with section
7.1.2.4 in the following text:<br>
<br>
"For each <code>directoryName</code> in <code>permittedSubtrees</code>,
the CA MUST confirm the Applicant's and/or Subsidiary's
Organizational name and location such that end entity certificates
issued from the subordinate CA Certificate will be in compliance
with <a
href="https://github.com/cabforum/smime/blob/preSBR/SBR.md#7124-all-certificates">Section
7.1.2.4</a>."<br>
<br>
Perhaps 7.1.4.3 is closer to what you were looking for?<br>
<br>
<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:BL1PR14MB514341BC5301D189EB654BA9E5959@BL1PR14MB5143.namprd14.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal">Regards, Stephen<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Smcwg-public
<a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public-bounces@cabforum.org">&lt;smcwg-public-bounces@cabforum.org&gt;</a>
<b>On Behalf Of </b>Dimitris Zacharopoulos (HARICA) via
Smcwg-public<br>
<b>Sent:</b> Wednesday, November 10, 2021 12:25 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a><br>
<b>Subject:</b> [Smcwg-public] Technically Constrained
S/MIME SubCas<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Following up on today's meeting, here are
some links of discussion threads regarding the technical
constraints for S/MIME-capable subCAs:<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0
level1 lfo1">
(discussion in 2017) <a
href="https://groups.google.com/g/mozilla.dev.security.policy/c/Flo8rkX5WB4/m/2TZxoqK9BQAJ"
moz-do-not-send="true" class="moz-txt-link-freetext">
https://groups.google.com/g/mozilla.dev.security.policy/c/Flo8rkX5WB4/m/2TZxoqK9BQAJ</a><o:p></o:p></li>
<li class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0
level1 lfo1">
(most recent one) <a
href="https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/n1vLLXwNbuM/m/uvQ705e-BAAJ?utm_medium=email&utm_source=footer"
moz-do-not-send="true">
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/n1vLLXwNbuM/m/uvQ705e-BAAJ?utm_medium=email&utm_source=footer</a><o:p></o:p></li>
</ul>
<p>Dimitris.<o:p></o:p></p>
</div>
</blockquote>
<br>
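<p>Added example, not part of the original thread or of the draft S/MIME BR: a simplified sketch of how RFC 5280 applies <code>directoryName</code> entries in <code>permittedSubtrees</code> to a certificate subject, run against the subject quoted in the message above. The constraint value <code>C=US,O=Example Org</code>, the other sample subjects and all function names are hypothetical.</p>

```python
# Added example: RFC 5280 directoryName subtree check, simplified.
# Assumptions: DNs are "type=value" pairs separated by commas, one attribute
# per RDN, no escaped commas; values compare case-insensitively with
# whitespace collapsed (a simplification of RFC 5280 section 7.1).

def parse_dn(text):
    """Parse 'C=US,O=Example Org' into a list of (type, value) RDNs."""
    rdns = []
    for part in text.split(","):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return rdns

def within_subtree(subject, base):
    """A subject is inside a subtree when the base's RDNs are its leading RDNs."""
    s, b = parse_dn(subject), parse_dn(base)
    return s[:len(b)] == b

def subject_permitted(subject, permitted_directory_names):
    """Apply the directoryName entries of permittedSubtrees to a subject DN.

    With no directoryName entry present, the name form is unconstrained.
    """
    if not permitted_directory_names:
        return True
    return any(within_subtree(subject, base) for base in permitted_directory_names)

# Constructed sample data: the constraint value is hypothetical; the first
# subject is the one quoted in the message above.
PERMITTED = ["C=US,O=Example Org"]
SUBJECTS = [
    "C=US,CN=John Doe,Email=john.doe@example.com",
    "C=US,O=Example Org,CN=John Doe,Email=john.doe@example.com",
    "c=us, o=example  org, CN=Jane Roe",
]

def evaluate():
    return [subject_permitted(s, PERMITTED) for s in SUBJECTS]

if __name__ == "__main__":
    for subject, ok in zip(SUBJECTS, evaluate()):
        print("permitted" if ok else "rejected ", subject)
```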
</body>
</html>