<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">As a first idea, how about rewording that
note in §7.1.4.2.5 the following way?</font></p>
<p><font face="Calibri">
<blockquote type="cite">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">“</span>Legacy Generation profiles MAY omit
the <code>subject:givenName</code>, <code>subject:surname</code>,
and <code>subject:pseudonym</code> attributes and include
only the <code>subject:commonName</code> as described in <a
href="https://github.com/cabforum/smime/blob/main/SBR.md#71422-subject-distinguished-name-fields">Section
7.1.4.2.2(a)</a>, <font color="#0000ff">provided that a
Personal Name (see Section 3.1.2) is included in <font
face="Calibri"><code>subject:commonName</code></font>.</font><span
lang="EN-US">”</span></p>
</blockquote>
<br>
</font></p>
<p><font face="Calibri">Adriano</font></p>
<p><font face="Calibri"><br>
</font></p>
<div class="moz-cite-prefix">Il 16/10/2023 18:38, Martijn Katerbarg
ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:MW5PR17MB6012542D83AE8D55E57024CAE3D7A@MW5PR17MB6012.namprd17.prod.outlook.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}code
{mso-style-priority:99;
font-family:"Courier New";}pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
font-size:10.0pt;
font-family:"Courier New";}span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Consolas",serif;}span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}</style>
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">Happy to work with you on that. I do wonder
what the cause and original intent behind this was.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">I wonder if they key lies in the Note added to
section 7.1.4.2.5:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">“</span>Legacy Generation profiles MAY omit the
<code>subject:givenName</code>, <code>subject:surname</code>,
and <code>subject:pseudonym</code> attributes and include
only the <code>subject:commonName</code> as described in <a
href="https://github.com/cabforum/smime/blob/main/SBR.md#71422-subject-distinguished-name-fields"
moz-do-not-send="true">Section 7.1.4.2.2(a)</a>.<span
lang="EN-US">”<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt" lang="EN-US">Could
it be that the original intent here was that
subject:givenName, subject:surname and subject:pseudonym are
allowed to be left out, <b>only</b> if subject:commonName
was included <b>and</b> had either the pseudonym or
givenName+surname in it? <br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt" lang="EN-US">I
could see that as a possible legacy use case, with the
intend to deprecate. I’m not sure if any CA needs that use
case at current though.<br>
<br>
Regards,<br>
<br>
Martijn<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;color:black">From: </span></b><span
style="font-size:12.0pt;color:black">Smcwg-public
<a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public-bounces@cabforum.org"><smcwg-public-bounces@cabforum.org></a> on behalf of
Adriano Santoni via Smcwg-public
<a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public@cabforum.org"><smcwg-public@cabforum.org></a><br>
<b>Date: </b>Monday, 16 October 2023 at 18:09<br>
<b>To: </b><a class="moz-txt-link-abbreviated" href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:smcwg-public@cabforum.org"><smcwg-public@cabforum.org></a><br>
<b>Subject: </b>Re: [Smcwg-public] [External Sender]
Re: Re: SV certificates devoid of individual
attributes<o:p></o:p></span></p>
</div>
<div
style="border:solid black 1.0pt;padding:2.0pt 2.0pt 2.0pt 2.0pt">
<p class="MsoNormal"
style="line-height:12.0pt;background:#FAFA03"><span
style="color:black">CAUTION: This email originated
from outside of the organization. Do not click links
or open attachments unless you recognize the sender
and know the content is safe.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<p>I would suggest an amendment in order to correct this
unintended result; I'm available to dratf a proposal it
if there are any endorsers.<o:p></o:p></p>
<p>Adriano<o:p></o:p></p>
<p><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">Il
16/10/2023 17:17, Dimitris Zacharopoulos via
Smcwg-public ha scritto:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div align="center">
<table class="MsoNormalTable" style="width:30.0%"
width="30%" cellpadding="0" border="1">
<tbody>
<tr>
<td
style="background:yellow;padding:1.5pt 1.5pt 1.5pt 1.5pt" valign="top">
<p class="MsoNormal"><span
style="font-size:11.0pt;color:red">NOTICE:</span><span
style="font-size:11.0pt;color:black"> Pay
attention - external email - Sender is <a
href="mailto:0100018b3910b1a1-5f63e11d-cb86-4599-8385-07abf817d4d1-000000@amazonses.com"
moz-do-not-send="true"
class="moz-txt-link-freetext">0100018b3910b1a1-5f63e11d-cb86-4599-8385-07abf817d4d1-000000@amazonses.com</a>
</span><span style="font-size:11.0pt"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal" style="text-align:center"
align="center"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Arial",sans-serif">I
agree it's not a good thing. The SV profile was to
support certificates that include attributes of
individuals validated by the Enterprise RA. If we
allow those to be missing, making it effectively
an OV Certificate, seems like an unintended
result.<br>
<br>
Best regards,<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Smcwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Smcwg-public@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">Smcwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a
href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fsmcwg-public&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7C31f1becfe83840c453df08dbce6237da%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638330693474194168%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=u6pfGzIuJyhqtuQF4yntzYBFtn0RP2ndc%2FAR2X4PaIU%3D&reserved=0"
moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p></o:p></pre>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
</body>
</html>