<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">Not necessarily: the email address can be
transmitted to the CA as a separate datum. <br>
</font></p>
<p><font face="Calibri">Indeed, I would say that this is preferable
because it allows syntax checking on the email address without
even starting to look at the CSR, from which in my opinion only
the public key should be taken.<br>
</font></p>
<p><font face="Calibri">Adriano</font></p>
<p><font face="Calibri"><br>
</font></p>
<div class="moz-cite-prefix">On 29/09/2023 21:21, Ben Wilson via
Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100018ae263a9a7-3e84e260-b7d7-43c5-85cb-d1425682cb27-000000@email.amazonses.com">
<br>
<div dir="auto">Shouldn't at least the email address be
included, and verified, of course, by the CA?</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Sep 29, 2023, 11:35 AM
Pedro FUENTES <<a href="mailto:pfuentes@wisekey.com"
moz-do-not-send="true" class="moz-txt-link-freetext">pfuentes@wisekey.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="auto">
<div dir="ltr">+1</div>
<div dir="ltr"><br>
</div>
<div dir="ltr"><br>
<blockquote type="cite">On 29 Sept. 2023, at 17:52, Clint
Wilson via
Smcwg-public <<a
href="mailto:smcwg-public@cabforum.org"
target="_blank" rel="noreferrer"
moz-do-not-send="true" class="moz-txt-link-freetext">smcwg-public@cabforum.org</a>>
wrote:<br>
<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">Hi all,
<div><br>
</div>
<div>In my opinion, CSRs should really be limited to
conveying the
public key and a proof of possession of the private
key; the fields
included therein <i>may</i> act as confirmatory
signals for a CA,
but shouldn’t be directly relied upon e.g. to generate
a
tbsCertificate. Rather, the values placed in fields of
a
tbsCertificate should originate from the CA’s
validated data store
to ensure that the only paths for data to become part
of a signed
certificate are through static configurations (e.g.
signatureAlgorithm) or known-validated data.</div>
<div><br>
</div>
<div>There’s plenty of nuance we can discuss as well,
but generally
speaking I believe it’s bad practice to rely on fields
in the
CSR.</div>
<div><br>
</div>
<div>Cheers,</div>
<div>-Clint<br
id="m_-6534719190591544900lineBreakAtBeginningOfMessage">
<div><br>
<blockquote type="cite">
<div>On Sep 29, 2023, at 8:27 AM, Ben Wilson via
Smcwg-public
<<a href="mailto:smcwg-public@cabforum.org"
target="_blank" rel="noreferrer"
moz-do-not-send="true"
class="moz-txt-link-freetext">smcwg-public@cabforum.org</a>>
wrote:</div>
<br>
<div>
<div dir="ltr">
<div>All,</div>
<div>I'm interested in gathering information
from Certificate
Issuers about the kind of information that
they would like to
collect/extract from the CSRs they receive
from S/MIME certificate
applicants. This information could be used
to refine a system to
generate CSRs that result in certificates
compliant with the
various profiles defined in the S/MIME BRs.
Alternatively, what is
the minimum amount of information that CAs
might expect to obtain
from CSRs? In other words, which fields
should a CSR generator
integrated with a Certificate Consumer's
software
support?</div>
<div>Thanks,</div>
<div>Ben<br>
</div>
</div>
_______________________________________________<br>
Smcwg-public mailing list<br>
<a href="mailto:Smcwg-public@cabforum.org"
target="_blank" rel="noreferrer"
moz-do-not-send="true"
class="moz-txt-link-freetext">Smcwg-public@cabforum.org</a><br>
<a
href="https://lists.cabforum.org/mailman/listinfo/smcwg-public"
target="_blank" rel="noreferrer"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
</blockquote>
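<p>Added example, not part of the original thread: a sketch of the CA-side intake discussed in the messages above, where the email address arrives as a separate datum, is syntax-checked before the CSR is parsed, and only the proof of possession and the public key are taken from the CSR. The names issue, demo and VALIDATED, the sample addresses and the simplified certificate fields are assumptions; it uses the Python cryptography package and is not a complete S/MIME BR profile.</p>
<pre>
```python
import datetime, re
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
VALIDATED = {"alice@example.com"}  # constructed stand-in for the CA's validated data store

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(csr_pem, email, ca_key, ca_name):
    # Syntax-check the separately submitted address before touching the CSR.
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("malformed email address")
    if email not in VALIDATED:
        raise PermissionError("address not in validated data store")
    # From the CSR take only proof of possession and the public key.
    csr = x509.load_pem_x509_csr(csr_pem)
    if not csr.is_signature_valid:
        raise ValueError("CSR self-signature invalid: no proof of possession")
    now = datetime.datetime.now(datetime.timezone.utc)
    # csr.subject and csr.extensions are never read; every certificate field
    # below comes from validated data or static configuration.
    return (x509.CertificateBuilder()
            .subject_name(name(email)).issuer_name(ca_name)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=365))
            .add_extension(x509.SubjectAlternativeName([x509.RFC822Name(email)]), critical=False)
            .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.EMAIL_PROTECTION]), critical=False)
            .sign(ca_key, hashes.SHA256()))

def demo():
    # Constructed input: the CSR names a different mailbox than the one submitted.
    ca_key = ec.generate_private_key(ec.SECP256R1())
    user_key = ec.generate_private_key(ec.SECP256R1())
    other = "someone-else@example.net"
    csr = (x509.CertificateSigningRequestBuilder().subject_name(name(other))
           .add_extension(x509.SubjectAlternativeName([x509.RFC822Name(other)]), critical=False)
           .sign(user_key, hashes.SHA256()))
    pem = csr.public_bytes(serialization.Encoding.PEM)
    cert = issue(pem, "alice@example.com", ca_key, name("Example Test CA"))
    san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    same_key = cert.public_key().public_numbers() == user_key.public_key().public_numbers()
    return san.get_values_for_type(x509.RFC822Name), same_key

if __name__ == "__main__":
    print(demo())
```
</pre>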
</body>
</html>