<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">+1</font><br>
</p>
<div class="moz-cite-prefix">Il 10/03/2022 14:16, Pedro FUENTES via
Smcwg-public ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:0100017f73f9ab05-2ac5afbd-9c2d-4400-af99-01559ce63c20-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
While I still think that we should have available placeholders to
put “free” information that can be safely ignored by the relying
parties, I consider that in particular the CN is not such an
adequate placeholder, because this is the most visible field (i.e.
what most email clients will show as the signer of a message), and
therefore we are opening the door to phishing or MITM issues.
<div class=""><br class="">
</div>
<div class="">P<br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 10 Mar 2022, at 13:22, Doug Beattie via
Smcwg-public <<a
href="mailto:smcwg-public@cabforum.org"
class="moz-txt-link-freetext" moz-do-not-send="true">smcwg-public@cabforum.org</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta charset="UTF-8" class="">
<div class="WordSection1" style="page: WordSection1;
caret-color: rgb(0, 0, 0); font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; text-decoration: none;">
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><o:p class=""> </o:p></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><o:p class=""> </o:p></div>
<div class="">
<div style="border-style: solid none none;
border-top-width: 1pt; border-top-color: rgb(225,
225, 225); padding: 3pt 0in 0in;" class="">
<div style="margin: 0in 0in 0in 0.5in; font-size:
11pt; font-family: Calibri, sans-serif;" class=""><b
class="">From:</b><span
class="Apple-converted-space"> </span>Smcwg-public
<<a
href="mailto:smcwg-public-bounces@cabforum.org"
style="color: rgb(5, 99, 193); text-decoration:
underline;" class="moz-txt-link-freetext"
moz-do-not-send="true">smcwg-public-bounces@cabforum.org</a>><span
class="Apple-converted-space"> </span><b
class="">On Behalf Of<span
class="Apple-converted-space"> </span></b>Dimitris
Zacharopoulos (HARICA) via Smcwg-public<br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Thursday,
March 10, 2022 6:46 AM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Henschel,
Andreas <<a
href="mailto:a.henschel@d-trust.net"
style="color: rgb(5, 99, 193); text-decoration:
underline;" class="moz-txt-link-freetext"
moz-do-not-send="true">a.henschel@d-trust.net</a>>;
SMIME Certificate Working Group <<a
href="mailto:smcwg-public@cabforum.org"
style="color: rgb(5, 99, 193); text-decoration:
underline;" class="moz-txt-link-freetext"
moz-do-not-send="true">smcwg-public@cabforum.org</a>><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>Re:
[Smcwg-public] [EXTERNAL]-Re: Common Name contents<o:p
class=""></o:p></div>
</div>
</div>
<div style="margin: 0in 0in 0in 0.5in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><o:p
class=""> </o:p></div>
<p class="MsoNormal" style="margin: 0in 0in 12pt 0.5in;
font-size: 11pt; font-family: Calibri, sans-serif;"><o:p
class=""> </o:p></p>
<div class="">
<div style="margin: 0in 0in 0in 0.5in; font-size:
11pt; font-family: Calibri, sans-serif;" class="">On
10/3/2022 1:34 μ.μ., Henschel, Andreas wrote:<o:p
class=""></o:p></div>
</div>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;"
class="">
<div style="margin: 0in 0in 0in 0.5in; font-size:
11pt; font-family: Calibri, sans-serif;" class=""><span
style="color: rgb(31, 73, 125);" class="">Hey
Dimitris,</span><o:p class=""></o:p></div>
<div style="margin: 0in 0in 0in 0.5in; font-size:
11pt; font-family: Calibri, sans-serif;" class=""><span
style="color: rgb(31, 73, 125);" class=""> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0in 0.5in; font-size:
11pt; font-family: Calibri, sans-serif;" class=""><span
style="color: rgb(31, 73, 125);" class="">in a
first step, pseudonyms could be allowed in
sponsored profiles. From an external point of
view, those entities have the same accepted
validation level as certificates with an
organisation profile as the organisation is
properly validated anyway.</span><o:p class=""></o:p></div>
</blockquote>
<div style="margin: 0in 0in 0in 0.5in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><br
class="">
Hi Andreas,<br class="">
<br class="">
Why should they be allowed if we cannot describe the
rules for it? Do you believe it is ok to have a
sponsored profile that allows a natural person
associated with a company to use any value in the
subjectDN of the certificate? I believe the risks for
allowing such a practice are not acceptable.<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><o:p class=""> </o:p></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><span style="color:
rgb(84, 130, 53);" class="">Values in surname and
givenname must be validated, yes, but let’s continue
to permit the enterprise RA to specify the CN, OU
and<span class="Apple-converted-space"> </span></span><span
style="color: rgb(84, 130, 53);" class="">Pseudonym
like we do today. Focus on email validation rules
and limit the subject DN validation to C, S, L and
O. If there are usecases that demand more, then
let’s let them define those rules and policy OIDs to
be used in the certificates on top of the profiles
we’re defining here.</span><span style="color:
rgb(84, 130, 53);" class=""><o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0in 0.5in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><br
class="">
<br class="">
Best regards,<br class="">
Dimitris.<br class="">
<br class="">
<o:p class=""></o:p></div>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;"
class="">
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><span style="color:
rgb(31, 73, 125);" class=""> </span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><span style="color:
rgb(31, 73, 125);" class="">Kind regards,</span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><span style="color:
rgb(31, 73, 125);" class="">Andreas</span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""> <o:p class=""></o:p></div>
<div class="">
<div style="border-style: solid none none;
border-top-width: 1pt; border-top-color: rgb(225,
225, 225); padding: 3pt 0in 0in;" class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><b
class="">Von:</b><span
class="Apple-converted-space"> </span>Smcwg-public<span
class="Apple-converted-space"> </span><a
href="mailto:smcwg-public-bounces@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><smcwg-public-bounces@cabforum.org></a><span
class="Apple-converted-space"> </span><b
class="">Im Auftrag von<span
class="Apple-converted-space"> </span></b>Dimitris
Zacharopoulos (HARICA) via Smcwg-public<br
class="">
<b class="">Gesendet:</b><span
class="Apple-converted-space"> </span>Donnerstag,
10. März 2022 12:25<br class="">
<b class="">An:</b><span
class="Apple-converted-space"> </span>Juan
Ángel Martín<span class="Apple-converted-space"> </span><a
href="mailto:martin_ja@camerfirma.com"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><martin_ja@camerfirma.com></a>;
SMIME Certificate Working Group<span
class="Apple-converted-space"> </span><a
href="mailto:smcwg-public@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><smcwg-public@cabforum.org></a><br
class="">
<b class="">Betreff:</b><span
class="Apple-converted-space"> </span>Re:
[Smcwg-public] [EXTERNAL]-Re: Common Name
contents<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""> <o:p class=""></o:p></div>
<p class="MsoNormal" style="margin: 0in 0in 12pt;
font-size: 11pt; font-family: Calibri, sans-serif;"><span
style="font-size: 12pt;" class=""> </span><o:p
class=""></o:p></p>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">On
10/3/2022 1:14 μ.μ., Juan Ángel Martín wrote:<o:p
class=""></o:p></div>
</div>
<blockquote style="margin-top: 5pt; margin-bottom:
5pt;" class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">Dimitris,<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">One
use case of pseudonyms that I know of is the need
for the police to sign certain messages, e.g.
traffic tickets, with a qualified eIDAS
certificate.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">But
the police officers do not want their name,
surname and personal identification document
number to appear on the certificate, which signs
the traffic ticket for unavoidable legal reasons
in Europe.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">I
think it would be desirable to give an answer to
this need in the CABF requirements for SMIME
certificates.<o:p class=""></o:p></div>
</blockquote>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><span
style="font-size: 12pt; font-family: "Times
New Roman ,serif", serif;" class=""><br
class="">
Thank you Juan Ángel,<br class="">
<br class="">
We all agree with the end goal but we can't
address the concerns without answering some
questions regarding the validation process. For
example, what do those traffic tickets look like
in terms of the signer? Does it only have a random
identifier as described in the 2nd bullet of my
previous letter? Does it say something like
"Officer John"? It is important to get some
transparency on this so the SMCWG can develop
validation rules that would support this feature.<br
class="">
<br class="">
<br class="">
Best regards,<br class="">
Dimitris.<br class="">
<br class="">
<br class="">
<br class="">
</span><o:p class=""></o:p></div>
<blockquote style="margin-top: 5pt; margin-bottom:
5pt;" class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">Thanks,<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">Juan
Ángel<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div class="">
<div style="border-style: solid none none;
border-top-width: 1pt; border-top-color:
rgb(225, 225, 225); padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><b
class="">De:</b><span
class="Apple-converted-space"> </span>Smcwg-public<span
class="Apple-converted-space"> </span><a
href="mailto:smcwg-public-bounces@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><smcwg-public-bounces@cabforum.org></a><span
class="Apple-converted-space"> </span><b
class="">En nombre de<span
class="Apple-converted-space"> </span></b>Dimitris
Zacharopoulos (HARICA) via Smcwg-public<br
class="">
<b class="">Enviado el:</b><span
class="Apple-converted-space"> </span>jueves,
10 de marzo de 2022 10:40<br class="">
<b class="">Para:</b><span
class="Apple-converted-space"> </span>Wiedenhorst,
Matthias<span class="Apple-converted-space"> </span><a
href="mailto:M.Wiedenhorst@tuvit.de"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><M.Wiedenhorst@tuvit.de></a>;
SMIME Certificate Working Group<span
class="Apple-converted-space"> </span><a
href="mailto:smcwg-public@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><smcwg-public@cabforum.org></a><br
class="">
<b class="">Asunto:</b><span
class="Apple-converted-space"> </span>Re:
[Smcwg-public] [EXTERNAL]-Re: Common Name
contents<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">Matthias,<br
class="">
<br class="">
This is indeed a legal requirement in eIDAS and we
need to see its applicability for S/MIME
certificates.<br class="">
<br class="">
The problem we need to address is the fact that I
can validate myself to a CA with my physical
presence and my official name (Dimitrios
Zacharopoulos), and ask for a Pseudonym to be
included in the certificate, but the process is
unclear. Here are some questions/concerns (not
addressed explicitly to Matthias, anyone can
chime-in):<span class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<ol style="margin-bottom: 0in;" class="" type="1"
start="1">
<li class="MsoNormal" style="margin: 0in;
font-size: 11pt; font-family: Calibri,
sans-serif;">Could I ask that my pseudonym is
"Matthias Wiedenhorst" or "Mickey Mouse"? How is
THAT information validated so that it is not
misleading to Relying Parties?<o:p class=""></o:p></li>
<li class="MsoNormal" style="margin: 0in;
font-size: 11pt; font-family: Calibri,
sans-serif;">Can the pseudonym be a name/value
that the CA decides, e.g. "Pseudonym-482733812"?
How is that helpful for Relying Parties?<o:p
class=""></o:p></li>
<li class="MsoNormal" style="margin: 0in;
font-size: 11pt; font-family: Calibri,
sans-serif;">Can a Relying Party ask the CA to
reveal the real identity of the person behind
the pseudonym? If this is the case, how is this
protecting the real person for being in danger?<o:p
class=""></o:p></li>
</ol>
<p class="MsoNormal" style="margin: 0in 0in 12pt;
font-size: 11pt; font-family: Calibri,
sans-serif;"><br class="">
Thanks,<br class="">
Dimitris.<o:p class=""></o:p></p>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">On
10/3/2022 9:05 π.μ., Wiedenhorst, Matthias via
Smcwg-public wrote:<o:p class=""></o:p></div>
</div>
<blockquote style="margin-top: 5pt; margin-bottom:
5pt;" class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class="">Hi
all!</span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""> </span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB">Article 5 (2) eIDAS reads:</span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><i
class=""><span style="font-size: 10pt;
font-family: Arial, sans-serif; color:
rgb(31, 73, 125);" class="" lang="EN-GB">“Without
prejudice to the legal effect given to
pseudonyms under national law, the use of
pseudonyms in electronic transactions shall
not be prohibited.”</span></i><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB"> </span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB">I am not a lawyer, but to me it
sounds as if prohibiting pseudonyms could
cause problems within the EU.</span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB"> </span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB">Legitimate use cases that I have
heard of from different CAs are for example
persons from the “law enforcement area” that
are in danger to be threatened or even
attacked in their private live when their full
real name is known.</span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB">As already pointed out, a
pseudonym certificate is not an anonymous
certificate, but only the CA is able to reveal
identity. Identification of the person has to
be performed identically as if a certificate
without pseudonym would be issued.</span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB"> </span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB">Best regards</span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
style="font-size: 10pt; font-family: Arial,
sans-serif; color: rgb(31, 73, 125);" class=""
lang="EN-GB">Matthias</span><o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><span
class="" lang="EN-GB"> </span><o:p class=""></o:p></div>
<div class="">
<div style="border-style: solid none none;
border-top-width: 1pt; border-top-color:
rgb(225, 225, 225); padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><b
class="">Von:</b><span
class="Apple-converted-space"> </span>Smcwg-public<span
class="Apple-converted-space"> </span><a
href="mailto:smcwg-public-bounces@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><smcwg-public-bounces@cabforum.org></a><span
class="Apple-converted-space"> </span><b
class="">Im Auftrag von<span
class="Apple-converted-space"> </span></b>Stephen
Davidson via Smcwg-public<br class="">
<b class="">Gesendet:</b><span
class="Apple-converted-space"> </span>Mittwoch,
9. März 2022 15:34<br class="">
<b class="">An:</b><span
class="Apple-converted-space"> </span>Pedro
FUENTES<span class="Apple-converted-space"> </span><a
href="mailto:pfuentes@WISEKEY.COM"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><pfuentes@WISEKEY.COM></a>;
SMIME Certificate Working Group<span
class="Apple-converted-space"> </span><a
href="mailto:smcwg-public@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><smcwg-public@cabforum.org></a>;
Dimitris Zacharopoulos (HARICA)<span
class="Apple-converted-space"> </span><a
href="mailto:dzacharo@harica.gr"
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true"><dzacharo@harica.gr></a><br
class="">
<b class="">Betreff:</b><span
class="Apple-converted-space"> </span>Re:
[Smcwg-public] [EXTERNAL]-Re: Common Name
contents<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">In
general, the CA is supposed to validate the true
identity of a holder behind a
subject:pseudonym. This is different from an
anonymous cert.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">The
difficulty we face is that, having chosen to
require Subject identity information to be
verified, it would be inconsistent to allow the
freeform use of pseudonyms.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">As
far as I know, only Germany provides the options
for alternative “religious names or pseudonyms”
on their national ID:<span
class="Apple-converted-space"> </span><a
href="https://www.consilium.europa.eu/prado/en/DEU-BO-02004/image-344552.html"
style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="moz-txt-link-freetext"
moz-do-not-send="true">https://www.consilium.europa.eu/prado/en/DEU-BO-02004/image-344552.html</a><span
class="Apple-converted-space"> </span>... So
that significantly narrows the options for
verifying pseudonyms!<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">My
personal belief is that we should drop the use
of pseudonyms from this draft. I hope that
SMCWG members that disagree with this will speak
up.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">The
Mailbox-validated (MV) profiles are probably
more appropriate for users not wishing “real
name” identity to be in their certs.<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">Regards,
Stephen<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div class="">
<div style="border-style: solid none none;
border-top-width: 1pt; border-top-color:
rgb(225, 225, 225); padding: 3pt 0in 0in;"
class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><b
class="">From:</b><span
class="Apple-converted-space"> </span>Smcwg-public
<<a
href="mailto:smcwg-public-bounces@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="moz-txt-link-freetext"
moz-do-not-send="true">smcwg-public-bounces@cabforum.org</a>><span
class="Apple-converted-space"> </span><b
class="">On Behalf Of<span
class="Apple-converted-space"> </span></b>Pedro
FUENTES via Smcwg-public<br class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Monday,
March 7, 2022 2:35 PM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Dimitris
Zacharopoulos (HARICA) <<a
href="mailto:dzacharo@harica.gr"
style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="moz-txt-link-freetext"
moz-do-not-send="true">dzacharo@harica.gr</a>>;
SMIME Certificate Working Group <<a
href="mailto:smcwg-public@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="moz-txt-link-freetext"
moz-do-not-send="true">smcwg-public@cabforum.org</a>><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>Re:
[Smcwg-public] [EXTERNAL]-Re: Common Name
contents<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">Could
it be just acceptable that a pseudonym is
freely chosen by a subscriber?<o:p class=""></o:p></div>
</div>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">In
other words… could it be acceptable to have
names in the subjectName which don’t require
validation?<o:p class=""></o:p></div>
</div>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">We
don’t currently use such attributes, but I
wonder if this could be good to reserve
certain flexibility for use cases where
anonymization is desired. <o:p class=""></o:p></div>
</div>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class="">Pedro<o:p
class=""></o:p></div>
</div>
<div class="">
<p class="MsoNormal" style="margin: 0in 0in
12pt; font-size: 11pt; font-family: Calibri,
sans-serif;"> <o:p class=""></o:p></p>
<blockquote style="margin-top: 5pt;
margin-bottom: 5pt;" class="">
<p class="MsoNormal" style="margin: 0in 0in
12pt; font-size: 11pt; font-family: Calibri,
sans-serif;">Le 7 mars 2022 à 18:58,
Dimitris Zacharopoulos (HARICA) via
Smcwg-public <<a
href="mailto:smcwg-public@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="moz-txt-link-freetext"
moz-do-not-send="true">smcwg-public@cabforum.org</a>>
a écrit :<o:p class=""></o:p></p>
</blockquote>
</div>
<blockquote style="margin-top: 5pt; margin-bottom:
5pt;" class="">
<div class="">
<p class="MsoNormal" style="margin: 0in 0in
12pt; font-size: 11pt; font-family: Calibri,
sans-serif;"> Unless CAs have some clear
rules on how to validate pseudonyms, I also
believe we should exclude this attribute
from the allowed profiles which makes this
attribute practically not allowed. We must
be explicit about this because other
attributes may be allowed.<br class="">
<br class="">
Dimitris.<o:p class=""></o:p></p>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">On 7/3/2022 9:41 π.μ., Adriano
Santoni via Smcwg-public wrote:<o:p
class=""></o:p></div>
</div>
<blockquote style="margin-top: 5pt;
margin-bottom: 5pt;" class="">
<p class="">We do not support pseudonyms,
and do not think there is a need for them.<o:p
class=""></o:p></p>
<blockquote style="margin-top: 5pt;
margin-bottom: 5pt;" class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">...we could even chose to
exclude this attribute from the allowed
profiles<o:p class=""></o:p></div>
</blockquote>
<p class="">Yes, that's what we suggest to
do: exclude this attribute from the
allowed profiles.<o:p class=""></o:p></p>
<p class="">Adriano<o:p class=""></o:p></p>
<p class=""> <o:p class=""></o:p></p>
<div class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">Il 02/03/2022 18:43, Stephen
Davidson via Smcwg-public ha scritto:<o:p
class=""></o:p></div>
</div>
<blockquote style="margin-top: 5pt;
margin-bottom: 5pt;" class="">
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">Hi Doug:<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">1. Further to our discussion
today, the language in ETSI EN 319 412-2
probably has the clearest definition:<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in 0in 0in 0.5in;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">The commonName
attribute value shall contain a name of
the subject. This may be in the
subject's preferred presentation format,
or a format preferred by the CA, or some
other format. Pseudonyms, nicknames, and
names with spelling other than defined
by the registered name may be used.<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in 0in 0in 0.5in;
font-size: 11pt; font-family: Calibri,
sans-serif;" class=""> <o:p class=""></o:p></div>
<div style="margin: 0in 0in 0in 0.5in;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">NOTE 1: The
commonName attribute has a usage purpose
that is different from the required
choice of pseudonym or
givenName/surname. commonName is used
for user friendly representation of the
person's name, whereas givenName/surname
is used where more formal representation
or verification of specific identity of
the user is required. To maximize
interoperability both are considered
necessary.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">It does not give guidance on
the scope for “user friendly
representation of the person's name” and
as far as I can tell, most TSPs apply
either (givenName and surname) or
pseudonym in that field.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">Notwithstanding this, our
previous discussions had been for the
commonName to include verified
information for the purposes of the
S/MIME BR, leading to the options
described<span
class="Apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_blob_preSBR_SBR.md-2371422-2Dsubject-2Ddistinguished-2Dname-2Dfields&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=SikwTyV2nbwaM8CjAAm0ewzVcCUuXH_rrJl0zlNlYwQ&e="
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true">here</a>.<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""><b class=""><u class="">We are
interested in hearing perspectives
from both Certificate Issuers and
Certificate Issuers on this point.</u></b><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">2. The handling of
subject:pseudonym is still an unresolved
issue – and so text still needs to be
tightened up. We are working from the
basis that Subject information must be
verified, so this would also apply to
pseudonym (ie not a self reported name).
Pseudonym identity is, by definition,
linked to the person’s real identity<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">ETSI TS 199 461 tries to deal
with it by saying:<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in 0in 0in 0.5in;
font-size: 11pt; font-family: Calibri,
sans-serif;" class="">Although the
outcome of the identity proofing can be
a pseudonym identity, identity proofing
requires identification of the real
identity of the person as determined by
applicable identity documents, official
registers or other authoritative
sources.<o:p class=""></o:p></div>
<div style="margin: 0in 0in 0in 0.5in;
font-size: 11pt; font-family: Calibri,
sans-serif;" class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">But as far as I can tell, only
Germany provides pseudonym as an
information attribute on official
identity documents. Given the lack of
clarity, we could even chose to exclude
this attribute from the allowed
profiles.<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""><b class=""><u class="">We’d be
interested to hear from Certificate
Issuers what their practices are
using the pseudonym in regulated
certificate types.</u></b><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">Best, Stephen<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">Stephen Davidson<span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">DigiCert Governance, Risk &
Compliance<br class="">
<a
href="mailto:stephen.davidson@digicert.com"
style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="moz-txt-link-freetext"
moz-do-not-send="true">stephen.davidson@digicert.com</a><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">O 1.441.278.2803 | M
1.441.505.4908<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""><code style="font-family:
"Courier New";" class=""><span
style="font-size: 10pt;" class=""> </span></code><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div class="">
<div style="border-style: solid none
none; border-top-width: 1pt;
border-top-color: rgb(225, 225, 225);
padding: 3pt 0in 0in;" class="">
<div style="margin: 0in; font-size:
11pt; font-family: Calibri,
sans-serif;" class=""><b class="">From:</b><span
class="Apple-converted-space"> </span>Doug
Beattie<span
class="Apple-converted-space"> </span><a
href="mailto:doug.beattie@globalsign.com" style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="" moz-do-not-send="true"><doug.beattie@globalsign.com></a><span
class="Apple-converted-space"> </span><br
class="">
<b class="">Sent:</b><span
class="Apple-converted-space"> </span>Wednesday,
March 2, 2022 1:10 PM<br class="">
<b class="">To:</b><span
class="Apple-converted-space"> </span>Stephen
Davidson<span
class="Apple-converted-space"> </span><a
href="mailto:Stephen.Davidson@digicert.com" style="color: rgb(5, 99,
193); text-decoration: underline;"
class="" moz-do-not-send="true"><Stephen.Davidson@digicert.com></a>;
SMIME Certificate Working Group<span
class="Apple-converted-space"> </span><a
href="mailto:smcwg-public@cabforum.org" style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="" moz-do-not-send="true"><smcwg-public@cabforum.org></a><br
class="">
<b class="">Subject:</b><span
class="Apple-converted-space"> </span>Common
Name contents<o:p class=""></o:p></div>
</div>
</div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">Hey Stephen,<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">During the call today it was
mentioned that all of the subject info
pulled from the certificates and
displayed via GUI needs to be validated
(no more OU logic). I went back and
looked at the options for Sponsor
validated certs and it permits the
Pseudonym to be present in the CN. <span
class="Apple-converted-space"> </span><o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">I went to check the rules for
validation and found this:<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">f.<span
class="Apple-converted-space"> </span><strong
class=""><span style="font-family:
Calibri, sans-serif;" class="">Certificate
Field:</span></strong><span
class="Apple-converted-space"> </span><code
style="font-family: "Courier
New";" class=""><span
style="font-size: 10pt;" class="">subject:pseudonym</span></code><span
class="Apple-converted-space"> </span>(2.5.4.65)<br
class="">
<strong class=""><span
style="font-family: Calibri,
sans-serif;" class="">Contents:</span></strong><span
class="Apple-converted-space"> </span>The
pseudonym attribute MUST NOT be present
if the givenName and/or surname
attribute are present. If present, the<span
class="Apple-converted-space"> </span><code
style="font-family: "Courier
New";" class=""><span
style="font-size: 10pt;" class="">subject:pseudonym</span></code><span
class="Apple-converted-space"> </span>field
field MUST be verified according to<span
class="Apple-converted-space"> </span><a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_blob_preSBR_SBR.md-23323-2Dauthentication-2Dof-2Dindividual-2Didentity&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=nliz6I7gIbr8WMy3LZQ94CqxFqzTqVpunO8t0YqxuCo&e="
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true">Section 3.2.3</a>.<o:p
class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">But I could not find any
references to this field in that
section, or section 3.2.4 that indicates
how this is to be validated. Are there
CA validation rules for this, or can any
value be supplied?<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class="">Doug<o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;"
class=""> <o:p class=""></o:p></div>
<p class="MsoNormal" style="margin: 0in
0in 12pt; font-size: 11pt; font-family:
Calibri, sans-serif;"> <o:p class=""></o:p></p>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">_______________________________________________<o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">Smcwg-public mailing list<o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="mailto:Smcwg-public@cabforum.org" style="color: rgb(5, 99, 193); text-decoration: underline;" class="moz-txt-link-freetext" moz-do-not-send="true">Smcwg-public@cabforum.org</a><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e=" style="color: rgb(5, 99, 193); text-decoration: underline;" class="" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p class=""></o:p></pre>
</blockquote>
<p class="MsoNormal" style="margin: 0in 0in
12pt; font-size: 11pt; font-family:
Calibri, sans-serif;"> <o:p class=""></o:p></p>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">_______________________________________________<o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">Smcwg-public mailing list<o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="mailto:Smcwg-public@cabforum.org" style="color: rgb(5, 99, 193); text-decoration: underline;" class="moz-txt-link-freetext" moz-do-not-send="true">Smcwg-public@cabforum.org</a><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e=" style="color: rgb(5, 99, 193); text-decoration: underline;" class="" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p class=""></o:p></pre>
</blockquote>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><br
class="">
_______________________________________________<br class="">
Smcwg-public mailing list<br class="">
<a href="mailto:Smcwg-public@cabforum.org"
style="color: rgb(5, 99, 193);
text-decoration: underline;"
class="moz-txt-link-freetext"
moz-do-not-send="true">Smcwg-public@cabforum.org</a><br
class="">
<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e="
style="color: rgb(5, 99, 193);
text-decoration: underline;" class=""
moz-do-not-send="true">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e=</a><o:p
class=""></o:p></div>
</div>
</blockquote>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class=""> </span><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><strong class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class="">______________________________________________________________________________________________________________________</span></strong><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><strong class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class="">Sitz der Gesellschaft/Headquarter:</span></strong><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class=""> TÜV Informationstechnik GmbH * Am TÜV 1 * 45307 Essen, Germany</span><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><strong class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class="">Registergericht/Register Court:</span></strong><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class=""> Amtsgericht/Local Court Essen * HRB 11687 * USt.-IdNr./VAT No.: DE 176132277 * Steuer-Nr./Tax No.: 111/57062251</span><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><strong class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class="">Geschäftsführung/Management Board:</span></strong><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class=""> Dirk Kretzschmar </span><o:p class=""></o:p></pre>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><b class=""><span style="font-size: 12pt; font-family: Arial, sans-serif;" class="">TÜV NORD GROUP</span></b><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class="">Expertise for your Success</span><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><b class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class="">Please visit our website: <a href="http://www.tuv-nord.com/" style="color: rgb(5, 99, 193); text-decoration: underline;" class="" moz-do-not-send="true">www.tuv-nord.com</a></span></b><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><b class=""><span style="font-size: 7.5pt; font-family: Arial, sans-serif;" class="">Besuchen Sie unseren Internetauftritt: <a href="http://www.tuev-nord.de/" style="color: rgb(5, 99, 193); text-decoration: underline;" class="" moz-do-not-send="true">www.tuev-nord.de</a></span></b><o:p class=""></o:p></pre>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""><br
class="">
<br class="">
<br class="">
<br class="">
<o:p class=""></o:p></div>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">_______________________________________________<o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class="">Smcwg-public mailing list<o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="mailto:Smcwg-public@cabforum.org" style="color: rgb(5, 99, 193); text-decoration: underline;" class="moz-txt-link-freetext" moz-do-not-send="true">Smcwg-public@cabforum.org</a><o:p class=""></o:p></pre>
<pre style="margin: 0in; font-size: 10pt; font-family: "Courier New";" class=""><a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" style="color: rgb(5, 99, 193); text-decoration: underline;" class="moz-txt-link-freetext" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p class=""></o:p></pre>
</blockquote>
<div style="margin: 0in; font-size: 11pt;
font-family: Calibri, sans-serif;" class=""> <o:p
class=""></o:p></div>
</blockquote>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><span
style="font-size: 12pt; font-family: "Times
New Roman ,serif", serif;" class=""> </span><o:p
class=""></o:p></div>
</blockquote>
<div style="margin: 0in; font-size: 11pt; font-family:
Calibri, sans-serif;" class=""><o:p class=""> </o:p></div>
</div>
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">_______________________________________________</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<span style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none; float: none; display: inline
!important;" class="">Smcwg-public mailing list</span><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<a href="mailto:Smcwg-public@cabforum.org" style="color:
rgb(5, 99, 193); text-decoration: underline;
font-family: Helvetica; font-size: 12px; font-style:
normal; font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px;"
class="moz-txt-link-freetext" moz-do-not-send="true">Smcwg-public@cabforum.org</a><br
style="caret-color: rgb(0, 0, 0); font-family:
Helvetica; font-size: 12px; font-style: normal;
font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;" class="">
<a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=JaIplWyETjJd_oEwxnhfHcbbS0ufTY3HiF_OODBFgHM&s=FMDlYi95pwd2P5C2LcCsctga9934yXeALSAGwj0OwPY&e="
style="color: rgb(5, 99, 193); text-decoration:
underline; font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px;" class=""
moz-do-not-send="true">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=JaIplWyETjJd_oEwxnhfHcbbS0ufTY3HiF_OODBFgHM&s=FMDlYi95pwd2P5C2LcCsctga9934yXeALSAGwj0OwPY&e=</a></div>
</blockquote>
</div>
<br class="">
<div class="">
<meta charset="UTF-8" class="">
<div dir="auto" style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space; line-break:
after-white-space;" class="">
<div dir="auto" style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div dir="auto" style="text-align: start; text-indent:
0px; word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode: space;
line-break: after-white-space;" class="">
<div style="text-align: start; text-indent: 0px;
word-wrap: break-word; -webkit-nbsp-mode:
space; line-break: after-white-space;"
class="">
<div style="text-align: start; text-indent:
0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;" class="">
<div style="text-align: start; text-indent:
0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break:
after-white-space;" class=""><font
class="" style="caret-color: rgb(0, 0,
0); color: rgb(0, 0, 0); letter-spacing:
normal; text-transform: none;
white-space: normal; word-spacing: 0px;
text-decoration: none;
-webkit-text-stroke-width: 0px;
font-size: 12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; line-height:
normal; text-align: start; text-indent:
0px;"><b class=""><font class=""
style="font-size: 11px;"
color="#f62400"><br
class="Apple-interchange-newline">
WISeKey SA<br class="">
</font></b></font>
<div class="" style="caret-color: rgb(0,
0, 0); color: rgb(0, 0, 0);
letter-spacing: normal; text-transform:
none; white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal; text-align: start;
text-indent: 0px;"><font class=""
style="color: rgb(0, 0, 0); font-size:
12px; font-weight: normal; font-style:
normal;"><span class=""
style="font-size: 11px;"><b class="">Pedro
Fuentes<br class="">
</b>CSO - Trust Services Manager</span><br
class="">
<font class="" size="1">Office: + 41
(0) 22 594 30 00<br class="">
Mobile: + 41 (0) </font></font><span
style="color: rgb(0, 0, 0); font-size:
x-small; font-weight: normal;
font-style: normal;" class="">791 274
790</span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal; text-align: start;
text-indent: 0px;"><font class=""
style="caret-color: rgb(0, 0, 0);
color: rgb(0, 0, 0); font-size: 12px;
font-style: normal; font-variant-caps:
normal; font-weight: normal;
letter-spacing: normal;
text-transform: none; white-space:
normal; word-spacing: 0px;
text-decoration: none;
-webkit-text-stroke-width: 0px;"><font
class="" size="1">Address: </font></font><font
class="" size="1">Avenue Louis-Casaï
58 | </font><span style="font-size:
x-small;" class="">1216 Cointrin |
Switzerland</span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal; text-align: start;
text-indent: 0px;"><font class=""><font
class="" style="caret-color: rgb(0,
0, 0); color: rgb(0, 0, 0);
font-size: 12px; font-style: normal;
font-variant-caps: normal;
font-weight: normal; letter-spacing:
normal; text-transform: none;
white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;"
size="1"><b class="">Stay connected
with <a
href="http://www.wisekey.com"
class="" moz-do-not-send="true"><font
class="" color="#f62400">WISeKey</font></a><br
class="">
</b></font></font><span class=""
style="caret-color: rgb(0, 0, 0);
color: rgb(169, 169, 169); font-size:
10px; font-style: normal;
font-variant-caps: normal;
font-weight: normal; letter-spacing:
normal; text-transform: none;
white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;
orphans: 2; widows: 2;"><br class="">
</span></div>
<div class="" style="caret-color: rgb(0,
0, 0); color: rgb(0, 0, 0);
letter-spacing: normal; text-transform:
none; white-space: normal; word-spacing:
0px; text-decoration: none;
-webkit-text-stroke-width: 0px;
font-size: 12px; font-style: normal;
font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-caps: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
font-weight: normal; line-height:
normal; text-align: start; text-indent:
0px;">
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal;"><span class=""
style="orphans: 2; widows: 2;"><font
class="" size="1" color="#78a600"><b
class="">THIS IS A TRUSTED MAIL</b>:
This message is digitally signed
with a WISeKey identity. If
you get a mail from WISeKey please
check the signature to avoid
security risks</font></span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal;"><span class=""
style="orphans: 2; widows: 2;
font-size: 9px;"><font class=""
color="#a9a9a9"><br class="">
</font></span></div>
<div class=""
style="font-variant-ligatures: normal;
font-variant-position: normal;
font-variant-numeric: normal;
font-variant-alternates: normal;
font-variant-east-asian: normal;
line-height: normal;">
<div class="" style="orphans: 2;
widows: 2;"><font class=""
style="font-size: 9px;"
color="#a9a9a9"><b class="">CONFIDENTIALITY: </b>This
email and any files
transmitted with it can be
confidential and it’s intended
solely for the use of
the individual or entity to which
they are addressed. If you are not
the named addressee you should not
disseminate, distribute or copy
this e-mail. If you have
received this email in error
please notify the sender</font></div>
<div class="" style="orphans: 2;
widows: 2;"><font class=""
style="font-size: 9px;"
color="#a9a9a9"><br class="">
</font></div>
<div class="" style="orphans: 2;
widows: 2;"><font class=""
style="font-size: 9px;"
color="#a9a9a9"><b class="">DISCLAIMER: </b>WISeKey
does not warrant the accuracy
or completeness of this message
and does not accept any liability
for any errors or omissions herein
as this message has
been transmitted over a public
network. Internet
communications cannot be
guaranteed to be secure or
error-free as information may be
intercepted, corrupted, or contain
viruses. Attachments to this
e-mail are checked for viruses;
however, we do not accept any
liability for any damage sustained
by viruses and therefore you are
kindly requested to check for
viruses upon receipt.</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
</blockquote>
</body>
</html>