<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I see a potential issue with the last comment…<div class="">“not declare a policy referring to the CABF requirements” could become in the future a mis issuance if the certificate contains the secure email EKU… as it happens now with the serverAuth EKU and the CABF OIDs for TLS<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 10 Mar 2022, at 09:06, Adriano Santoni via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org" class="">smcwg-public@cabforum.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif; caret-color: rgb(0, 0, 0); font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><font face="Calibri" class="">But here we are developing an /industry/ standard that - as such - need not be eIDAS-compliant.<span class="Apple-converted-space"> </span><br class=""></font></p><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif; caret-color: rgb(0, 0, 0); font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><font face="Calibri" class="">Besides, Article 5 (2) of eIDAS refers to transactions, not certificates.<span class="Apple-converted-space"> </span><br class=""></font></p><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif; caret-color: rgb(0, 0, 0); font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><font face="Calibri" class="">In fact, eIDAS mention pseudonyms only with reference to /qualified/ electronic signature certificates, which are not the subject of<span class="Apple-converted-space"> </span></font><font face="Calibri" class="">the<span class="Apple-converted-space"> </span></font><font face="Calibri" class=""><font face="Calibri" class="">SMCWG .</font></font></p><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif; caret-color: rgb(0, 0, 0); font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><font face="Calibri" class="">Some CA may also want to issue S/MIME certificates containing pseudonyms, and be succesfully audited against eIDAS and the relevant ETSI norms, but in such a case they should not declare a policy referring to the CABF requirements we are developing here.<br class=""></font></p><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif; caret-color: rgb(0, 0, 0); font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><font face="Calibri" class="">Adriano</font></p><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif; caret-color: rgb(0, 0, 0); font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><font face="Calibri" class=""></font><br class=""></p><div class="moz-cite-prefix" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">Il 10/03/2022 08:05, Wiedenhorst, Matthias via Smcwg-public ha scritto:<br class=""></div><blockquote type="cite" cite="mid:0100017f72a57474-010447f2-1571-417f-8796-21ea1010a9dd-000000@email.amazonses.com" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><div class="WordSection1" style="page: WordSection1;"><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">Hi all!<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">Article 5 (2) eIDAS reads:<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><i class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">“Without prejudice to the legal effect given to pseudonyms under national law, the use of pseudonyms in electronic transactions shall not be prohibited.”<o:p class=""></o:p></span></i></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">I am not a lawyer, but to me it sounds as if prohibiting pseudonyms could cause problems within the EU.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">Legitimate use cases that I have heard of from different CAs are for example persons from the “law enforcement area” that are in danger to be threatened or even attacked in their private live when their full real name is known.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">As already pointed out, a pseudonym certificate is not an anonymous certificate, but only the CA is able to reveal identity. Identification of the person has to be performed identically as if a certificate without pseudonym would be issued.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">Best regards<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(31, 73, 125);" class="">Matthias<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-GB" class=""><o:p class=""> </o:p></span></div><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0cm 0cm;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">Von:</b><span class="Apple-converted-space"> </span>Smcwg-public<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public-bounces@cabforum.org" style="color: purple; text-decoration: underline;"><smcwg-public-bounces@cabforum.org></a><span class="Apple-converted-space"> </span><b class="">Im Auftrag von<span class="Apple-converted-space"> </span></b>Stephen Davidson via Smcwg-public<br class=""><b class="">Gesendet:</b><span class="Apple-converted-space"> </span>Mittwoch, 9. März 2022 15:34<br class=""><b class="">An:</b><span class="Apple-converted-space"> </span>Pedro FUENTES<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:pfuentes@WISEKEY.COM" style="color: purple; text-decoration: underline;"><pfuentes@WISEKEY.COM></a>; SMIME Certificate Working Group<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public@cabforum.org" style="color: purple; text-decoration: underline;"><smcwg-public@cabforum.org></a>; Dimitris Zacharopoulos (HARICA)<span class="Apple-converted-space"> </span><a class="moz-txt-link-rfc2396E" href="mailto:dzacharo@harica.gr" style="color: purple; text-decoration: underline;"><dzacharo@harica.gr></a><br class=""><b class="">Betreff:</b><span class="Apple-converted-space"> </span>Re: [Smcwg-public] [EXTERNAL]-Re: Common Name contents<o:p class=""></o:p></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">In general, the CA is supposed to validate the true identity of a holder behind a subject:pseudonym. This is different from an anonymous cert.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">The difficulty we face is that, having chosen to require Subject identity information to be verified, it would be inconsistent to allow the freeform use of pseudonyms.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">As far as I know, only Germany provides the options for alternative “religious names or pseudonyms” on their national ID:<a href="https://www.consilium.europa.eu/prado/en/DEU-BO-02004/image-344552.html" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">https://www.consilium.europa.eu/prado/en/DEU-BO-02004/image-344552.html</a><span class="Apple-converted-space"> </span>... So that significantly narrows the options for verifying pseudonyms!<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">My personal belief is that we should drop the use of pseudonyms from this draft. I hope that SMCWG members that disagree with this will speak up.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">The Mailbox-validated (MV) profiles are probably more appropriate for users not wishing “real name” identity to be in their certs.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Regards, Stephen<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><o:p class=""> </o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><o:p class=""> </o:p></span></div><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0cm 0cm;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" class="">From:</span></b><span lang="EN-US" class=""><span class="Apple-converted-space"> </span>Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">smcwg-public-bounces@cabforum.org</a>><span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Pedro FUENTES via Smcwg-public<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Monday, March 7, 2022 2:35 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Dimitris Zacharopoulos (HARICA) <<a href="mailto:dzacharo@harica.gr" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">dzacharo@harica.gr</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">smcwg-public@cabforum.org</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [Smcwg-public] [EXTERNAL]-Re: Common Name contents<o:p class=""></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><o:p class=""> </o:p></span></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Could it be just acceptable that a pseudonym is freely chosen by a subscriber?<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">In other words… could it be acceptable to have names in the subjectName which don’t require validation?<o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">We don’t currently use such attributes, but I wonder if this could be good to reserve certain flexibility for use cases where anonymization is desired. <o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Pedro<o:p class=""></o:p></span></div></div><div class=""><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN-US" class=""><o:p class=""> </o:p></span></p><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN-US" class="">Le 7 mars 2022 à 18:58, Dimitris Zacharopoulos (HARICA) via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">smcwg-public@cabforum.org</a>> a écrit :<o:p class=""></o:p></span></p></blockquote></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN-US" class=""> Unless CAs have some clear rules on how to validate pseudonyms, I also believe we should exclude this attribute from the allowed profiles which makes this attribute practically not allowed. We must be explicit about this because other attributes may be allowed.<br class=""><br class="">Dimitris.<o:p class=""></o:p></span></p><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">On 7/3/2022 9:41 π.μ., Adriano Santoni via Smcwg-public wrote:<o:p class=""></o:p></span></div></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif;" class=""><span lang="EN-US" class="">We do not support pseudonyms, and do not think there is a need for them.<o:p class=""></o:p></span></p><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">...we could even chose to exclude this attribute from the allowed profiles<o:p class=""></o:p></span></div></blockquote><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif;" class=""><span lang="EN-US" class="">Yes, that's what we suggest to do: exclude this attribute from the allowed profiles.<o:p class=""></o:p></span></p><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif;" class=""><span lang="EN-US" class="">Adriano<o:p class=""></o:p></span></p><p style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: "Times New Roman", serif;" class=""><span lang="EN-US" class=""><o:p class=""> </o:p></span></p><div class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Il 02/03/2022 18:43, Stephen Davidson via Smcwg-public ha scritto:<o:p class=""></o:p></span></div></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Hi Doug:<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">1. Further to our discussion today, the language in ETSI EN 319 412-2 probably has the clearest definition:<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">The commonName attribute value shall contain a name of the subject. This may be in the subject's preferred presentation format, or a format preferred by the CA, or some other format. Pseudonyms, nicknames, and names with spelling other than defined by the registered name may be used.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">NOTE 1: The commonName attribute has a usage purpose that is different from the required choice of pseudonym or givenName/surname. commonName is used for user friendly representation of the person's name, whereas givenName/surname is used where more formal representation or verification of specific identity of the user is required. To maximize interoperability both are considered necessary.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">It does not give guidance on the scope for “user friendly representation of the person's name” and as far as I can tell, most TSPs apply either (givenName and surname) or pseudonym in that field.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Notwithstanding this, our previous discussions had been for the commonName to include verified information for the purposes of the S/MIME BR, leading to the options described<span class="Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_blob_preSBR_SBR.md-2371422-2Dsubject-2Ddistinguished-2Dname-2Dfields&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=SikwTyV2nbwaM8CjAAm0ewzVcCUuXH_rrJl0zlNlYwQ&e=" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class="">here</a>.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><u class=""><span lang="EN-US" class="">We are interested in hearing perspectives from both Certificate Issuers and Certificate Issuers on this point.</span></u></b><span lang="EN-US" class=""><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">2. The handling of subject:pseudonym is still an unresolved issue – and so text still needs to be tightened up. We are working from the basis that Subject information must be verified, so this would also apply to pseudonym (ie not a self reported name). Pseudonym identity is, by definition, linked to the person’s real identity<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">ETSI TS 199 461 tries to deal with it by saying:<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Although the outcome of the identity proofing can be a pseudonym identity, identity proofing requires identification of the real identity of the person as determined by applicable identity documents, official registers or other authoritative sources.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt 36pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">But as far as I can tell, only Germany provides pseudonym as an information attribute on official identity documents. Given the lack of clarity, we could even chose to exclude this attribute from the allowed profiles.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><u class=""><span lang="EN-US" class="">We’d be interested to hear from Certificate Issuers what their practices are using the pseudonym in regulated certificate types.</span></u></b><span lang="EN-US" class=""><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Best, Stephen<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Stephen Davidson<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">DigiCert Governance, Risk & Compliance<br class=""><a href="mailto:stephen.davidson@digicert.com" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">stephen.davidson@digicert.com</a><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">O 1.441.278.2803 | M 1.441.505.4908<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><code style="font-family: "Courier New";" class=""><span lang="EN-US" style="font-size: 10pt;" class=""> </span></code><span lang="EN-US" class=""><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0cm 0cm;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" class="">From:</span></b><span lang="EN-US" class=""><span class="Apple-converted-space"> </span>Doug Beattie<span class="Apple-converted-space"> </span><a href="mailto:doug.beattie@globalsign.com" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class=""><doug.beattie@globalsign.com></a><span class="Apple-converted-space"> </span><br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Wednesday, March 2, 2022 1:10 PM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Stephen Davidson<span class="Apple-converted-space"> </span><a href="mailto:Stephen.Davidson@digicert.com" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class=""><Stephen.Davidson@digicert.com></a>; SMIME Certificate Working Group<a href="mailto:smcwg-public@cabforum.org" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class=""><smcwg-public@cabforum.org></a><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Common Name contents<o:p class=""></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Hey Stephen,<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">During the call today it was mentioned that all of the subject info pulled from the certificates and displayed via GUI needs to be validated (no more OU logic). I went back and looked at the options for Sponsor validated certs and it permits the Pseudonym to be present in the CN. <span class="Apple-converted-space"> </span><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">I went to check the rules for validation and found this:<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">f.<span class="Apple-converted-space"> </span><strong class=""><span style="font-family: Calibri, sans-serif;" class="">Certificate Field:</span></strong><span class="Apple-converted-space"> </span></span><code style="font-family: "Courier New";" class=""><span lang="EN-US" style="font-size: 10pt;" class="">subject:pseudonym</span></code><span lang="EN-US" class=""><span class="Apple-converted-space"> </span>(2.5.4.65)<br class=""><strong class=""><span style="font-family: Calibri, sans-serif;" class="">Contents:</span></strong><span class="Apple-converted-space"> </span>The pseudonym attribute MUST NOT be present if the givenName and/or surname attribute are present. If present, the<span class="Apple-converted-space"> </span></span><code style="font-family: "Courier New";" class=""><span lang="EN-US" style="font-size: 10pt;" class="">subject:pseudonym</span></code><span lang="EN-US" class=""><span class="Apple-converted-space"> </span>field field MUST be verified according to<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_blob_preSBR_SBR.md-23323-2Dauthentication-2Dof-2Dindividual-2Didentity&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=nliz6I7gIbr8WMy3LZQ94CqxFqzTqVpunO8t0YqxuCo&e=" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class="">Section 3.2.3</a>.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">But I could not find any references to this field in that section, or section 3.2.4 that indicates how this is to be validated. Are there CA validation rules for this, or can any value be supplied?<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class="">Doug<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> <o:p class=""></o:p></span></div><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN-US" class=""><o:p class=""> </o:p></span></p><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class="">_______________________________________________<o:p class=""></o:p></span></pre><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class="">Smcwg-public mailing list<o:p class=""></o:p></span></pre><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class=""><a href="mailto:Smcwg-public@cabforum.org" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">Smcwg-public@cabforum.org</a><o:p class=""></o:p></span></pre><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e=" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class="">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p class=""></o:p></span></pre></blockquote><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN-US" class=""><o:p class=""> </o:p></span></p><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class="">_______________________________________________<o:p class=""></o:p></span></pre><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class="">Smcwg-public mailing list<o:p class=""></o:p></span></pre><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class=""><a href="mailto:Smcwg-public@cabforum.org" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">Smcwg-public@cabforum.org</a><o:p class=""></o:p></span></pre><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><span lang="EN-US" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e=" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class="">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p class=""></o:p></span></pre></blockquote><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""><br class="">_______________________________________________<br class="">Smcwg-public mailing list<br class=""><a href="mailto:Smcwg-public@cabforum.org" moz-do-not-send="true" class="moz-txt-link-freetext" style="color: purple; text-decoration: underline;">Smcwg-public@cabforum.org</a><br class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e=" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class="">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=NCuXVva5JxiZue0JFxEbVTEZS67ltuKPjLakEuBlN-Q&s=M6K8kM_fZBp_w11MPEbpQzwTErczaQV8-qlOhtEiIMg&e=</a><o:p class=""></o:p></span></div></div></blockquote></div><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><font size="1" face="arial,helvetica,sans-serif" class="">
<strong class="">______________________________________________________________________________________________________________________</strong>
<strong class="">Sitz der Gesellschaft/Headquarter:</strong> TÜV Informationstechnik GmbH * Am TÜV 1 * 45307 Essen, Germany
<strong class="">Registergericht/Register Court:</strong> Amtsgericht/Local Court Essen * HRB 11687 * USt.-IdNr./VAT No.: DE 176132277 * Steuer-Nr./Tax No.: 111/57062251
<strong class="">Geschäftsführung/Management Board:</strong> Dirk Kretzschmar
</font></pre><br class=""><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><font size="3" face="arial,helvetica,sans-serif" class=""><b class="">TÜV NORD GROUP</b></font>
<font size="1" face="arial,helvetica,sans-serif" class="">Expertise for your Success
</font></pre><pre style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><font size="1" face="arial,helvetica,sans-serif" class=""><b class="">Please visit our website: <a href="http://www.tuv-nord.com/" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class="">www.tuv-nord.com</a>
Besuchen Sie unseren Internetauftritt: <a href="http://www.tuev-nord.de/" moz-do-not-send="true" style="color: purple; text-decoration: underline;" class="">www.tuev-nord.de</a></b></font></pre><br class=""><fieldset class="moz-mime-attachment-header"></fieldset><pre class="moz-quote-pre" wrap="" style="margin: 0cm 0cm 0.0001pt; font-size: 10pt; font-family: "Courier New";">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org" style="color: purple; text-decoration: underline;">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" style="color: purple; text-decoration: underline;">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre></blockquote><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">_______________________________________________</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Smcwg-public mailing list</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="mailto:Smcwg-public@cabforum.org" style="color: purple; text-decoration: underline; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">Smcwg-public@cabforum.org</a><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=ULc5Jdp4kKodPGmf6wR-qODz69T6Jixie11c-lJ0Z8k&s=EMtpfcJxjrDCBAs1tu81rjE1KJNrvIZfY1DaO7B1uUM&e=" style="color: purple; text-decoration: underline; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;" class="">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=ULc5Jdp4kKodPGmf6wR-qODz69T6Jixie11c-lJ0Z8k&s=EMtpfcJxjrDCBAs1tu81rjE1KJNrvIZfY1DaO7B1uUM&e=</a></div></blockquote></div><br class=""><div class="">
<meta charset="UTF-8" class=""><div dir="auto" style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><font class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;"><b class=""><font color="#f62400" class="" style="font-size: 11px;"><br class="Apple-interchange-newline">WISeKey SA<br class=""></font></b></font><div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font class="" style="color: rgb(0, 0, 0); font-size: 12px; font-weight: normal; font-style: normal;"><span class="" style="font-size: 11px;"><b class="">Pedro Fuentes<br class=""></b>CSO - Trust Services Manager</span><br class=""><font size="1" class="">Office: + 41 (0) 22 594 30 00<br class="">Mobile: + 41 (0) </font></font><span style="color: rgb(0, 0, 0); font-size: x-small; font-weight: normal; font-style: normal;" class="">791 274 790</span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"><font size="1" class="">Address: </font></font><font size="1" class="">Avenue Louis-Casaï 58 | </font><span style="font-size: x-small;" class="">1216 Cointrin | Switzerland</span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font class=""><font size="1" class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"><b class="">Stay connected with <a href="http://www.wisekey.com" class=""><font color="#f62400" class="">WISeKey</font></a><br class=""></b></font></font><span class="" style="caret-color: rgb(0, 0, 0); color: rgb(169, 169, 169); font-size: 10px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; orphans: 2; widows: 2;"><br class=""></span></div><div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;"><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2;"><font size="1" color="#78a600" class=""><b class="">THIS IS A TRUSTED MAIL</b>: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks</font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2; font-size: 9px;"><font color="#a9a9a9" class=""><br class=""></font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">CONFIDENTIALITY: </b>This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender</font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><br class=""></font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">DISCLAIMER: </b>WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.</font></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br class=""></div></body></html>