<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Yes, thank you Rob and Clint.<o:p></o:p></p><p class=MsoNormal>Please add it to the issues list in Github, so we can add track it for the next ballot.<o:p></o:p></p><p class=MsoNormal>As it happens, I think that Psuedonyms have been an area of interest in the Sponsor-validated type during the implementation of the SBR, so a “revisit” based on that experience may be in order after September.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Smcwg-public <smcwg-public-bounces@cabforum.org> <b>On Behalf Of </b>Clint Wilson via Smcwg-public<br><b>Sent:</b> Monday, July 17, 2023 3:16 PM<br><b>To:</b> Robert Lee <robert.lee@globalsign.com>; SMIME Certificate Working Group <smcwg-public@cabforum.org><br><b>Subject:</b> Re: [Smcwg-public] CommonNames, Pseudonyms, GivenNames and Surnames<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi Rob,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I think minimally filing an issue in <a href="https://url.avanan.click/v2/___https:/github.com/cabforum/smime/issues___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2OmM0MWQ6MjNjMTc2M2NmMjc5ZTA2MWMyNzU0ZDE2M2NkYzQ4ZTJjN2E3YjE4MWE5NzhjZjMxMDZlNjA4MTcyY2FkMDZmMjpoOkY" title="Protected by Avanan: https://github.com/cabforum/smime/issues">https://github.com/cabforum/smime/issues</a> would be a good thing to do to track this potential conflict.<o:p></o:p></p></div><div><p class=MsoNormal>FWIW, I also think the issue identified is indeed an issue (though probably not major) and your proposed updates seem reasonable to me as well.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Cheers,<o:p></o:p></p></div><div><p class=MsoNormal>-Clint<o:p></o:p></p><div><p class=MsoNormal><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On Jul 13, 2023, at 6:52 AM, Robert Lee via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Dear all,<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>I’m emailing because I think some further clarification may be needed in section 7.1.4.2.2(a) around commonNames as Personal Names or Pseudonyms (capital ‘P’ based on SMC03 changes).<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>What I think is needed is to align some of the uses of commonNames with the existing rules around if subject:pseudonym is present then subject:givenName/subject:surname SHALL NOT be present and the vice versa rule. My understanding/assumption is that the pseudonym/givenName/surname rules are in place to make an SMIME certificate a Pseudonym cert or a Personal Name cert and not to be both at the same time (especially as putting one’s name into the cert would dramatically reduce any privacy afforded by using a Pseudonym).<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>However, the options for commonName in sponsor and individual validated certificates don't entirely work with the above as currently you _<i>could</i>_ have a subject:pseudonym and then put your Personal Name in the commonName which doesn't track with my understanding/assumption of what the pseudonym/givenName/surname rules are supposed to achieve.<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>I don’t think it’s a difficult thing to fix though. Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>“If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>“If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>If people broadly agree with my suggestion then I’m happy to make a PR into the BRs or somewhere else if, like SMC03, there’ll be a branch collecting changes in someone’s fork of the document.<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>Best Regards,<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal>Rob<span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal> <span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><div><div><p class=MsoNormal style='background:white'><b><span style='color:#18376A'>Dr. Robert Lee MEng PhD</span></b><span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='color:#18376A;background:white'>Senior Software Engineer with Cryptography SME</span><span style='font-size:12.0pt'><o:p></o:p></span></p></div><div><p class=MsoNormal style='background:white'><span style='font-size:12.0pt;color:black'><a href="https://url.avanan.click/v2/___http:/www.globalsign.co.uk/___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2Ojg0ZmY6YmUwYjE5MTJlYWUzNDc3ZDAwODE0NDQzMGRmMjM2ZGUxY2FlMTBlYWY2ZDk1OWUzMDc0ZWE3N2Q2YjYzMzVmMjpoOkY" target="_blank" title="Protected by Avanan: http://www.globalsign.co.uk/"><span style='font-size:11.0pt;color:#0563C1'>www.globalsign.co.uk</span></a></span><span style='color:#18376A'>|</span><span style='font-size:12.0pt;color:black'><a href="https://url.avanan.click/v2/___http:/www.globalsign.eu/___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2OjI5YWQ6M2NiZTEwY2QyYmNlNDQ4ZTE1ZmUyZjk1ZTFjZjFiNTgyNGQwOTc5NTIwNTRiNzlhODFmYWNhZDhkOGQ4ODUzMDpoOkY" target="_blank" title="Protected by Avanan: http://www.globalsign.eu/"><span style='font-size:11.0pt;color:#0B4CB4'>www.globalsign.eu</span></a></span><span style='font-size:12.0pt'><o:p></o:p></span></p></div></div></div><div><p class=MsoNormal><span style='font-size:12.0pt'> <o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'>_______________________________________________<br>Smcwg-public mailing list<br></span><a href="mailto:Smcwg-public@cabforum.org"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0563C1'>Smcwg-public@cabforum.org</span></a><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif'><br></span><a href="https://url.avanan.click/v2/___https:/lists.cabforum.org/mailman/listinfo/smcwg-public___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2Ojk0ZDU6MmIzYjJjZDFjYTIwNTUzM2UyMmI1NmVjZWIyNTc2M2UxMTAyNGEyNDI5MWViOGQ2ODM4MDc5ZDMwZjk5ZjExMDpoOkY" title="Protected by Avanan: https://lists.cabforum.org/mailman/listinfo/smcwg-public"><span style='font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#0563C1'>https://lists.cabforum.org/mailman/listinfo/smcwg-public</span></a><o:p></o:p></p></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>