<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 19/10/2023 2:29 PM, Adriano
Santoni via Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100018b47b2e127-c6806ded-e801-438d-92de-4436c1be591b-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p><font face="Calibri">I have created the pull request below. <br>
</font></p>
<p><font face="Calibri"><a class="moz-txt-link-freetext"
href="https://github.com/cabforum/smime/pull/218"
moz-do-not-send="true">https://github.com/cabforum/smime/pull/218</a></font><br>
</p>
<p><font face="Calibri">Even if there exist some niche legacy
use cases, I believe it would be highly preferable to avoid
allowing SV certificates that do not match the SV definition
and are indistinguishable from OV certs. Besides, it appears
that in such particular contexts OV certificates would still
meet the need.</font></p>
</blockquote>
<br>
I suggested a small improvement in
<a class="moz-txt-link-freetext" href="https://github.com/cabforum/smime/pull/218/files#r1369612850">https://github.com/cabforum/smime/pull/218/files#r1369612850</a>.<br>
<br>
<blockquote type="cite"
cite="mid:0100018b47b2e127-c6806ded-e801-438d-92de-4436c1be591b-000000@email.amazonses.com">
<p><font face="Calibri">Looking for endorsers.<br>
</font></p>
</blockquote>
<br>
Happy to endorse.<br>
<br>
Dimitris.<br>
<br>
<blockquote type="cite"
cite="mid:0100018b47b2e127-c6806ded-e801-438d-92de-4436c1be591b-000000@email.amazonses.com">
<p><font face="Calibri"> </font></p>
<p><font face="Calibri">Adriano</font></p>
<p><font face="Calibri"><br>
</font></p>
<div class="moz-cite-prefix">On 16/10/2023 18:38, Martijn
Katerbarg wrote:<br>
</div>
<blockquote type="cite"
cite="mid:MW5PR17MB6012542D83AE8D55E57024CAE3D7A@MW5PR17MB6012.namprd17.prod.outlook.com">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">Happy to work with you on that. I do wonder
what the cause and original intent behind this was.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">I wonder if the key lies in the Note added
to section 7.1.4.2.5:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"
lang="EN-US">“</span>Legacy Generation profiles MAY omit
the <code>subject:givenName</code>, <code>subject:surname</code>,
and <code>subject:pseudonym</code> attributes and include
only the <code>subject:commonName</code> as described in <a
href="https://github.com/cabforum/smime/blob/main/SBR.md#71422-subject-distinguished-name-fields"
moz-do-not-send="true">Section 7.1.4.2.2(a)</a>.<span
lang="EN-US">”<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US">Could it be that the original intent here was
that subject:givenName, subject:surname and
subject:pseudonym are allowed to be left out, <b>only</b>
if subject:commonName was included <b>and</b> had either
the pseudonym or givenName+surname in it? <br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"
lang="EN-US">I could see that as a possible legacy use
case, with the intent to deprecate. I’m not sure if any CA
needs that use case at current though.<br>
<br>
Regards,<br>
<br>
Martijn<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div
style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span
style="font-size:12.0pt;color:black">From: </span></b><span
style="font-size:12.0pt;color:black">Smcwg-public <a
class="moz-txt-link-rfc2396E"
href="mailto:smcwg-public-bounces@cabforum.org"
moz-do-not-send="true">&lt;smcwg-public-bounces@cabforum.org&gt;</a>
on behalf of Adriano Santoni via Smcwg-public <a
class="moz-txt-link-rfc2396E"
href="mailto:smcwg-public@cabforum.org"
moz-do-not-send="true">&lt;smcwg-public@cabforum.org&gt;</a><br>
<b>Date: </b>Monday, 16 October 2023 at 18:09<br>
<b>To: </b><a
class="moz-txt-link-abbreviated moz-txt-link-freetext"
href="mailto:smcwg-public@cabforum.org"
moz-do-not-send="true">smcwg-public@cabforum.org</a>
<a class="moz-txt-link-rfc2396E"
href="mailto:smcwg-public@cabforum.org"
moz-do-not-send="true">&lt;smcwg-public@cabforum.org&gt;</a><br>
<b>Subject: </b>Re: [Smcwg-public] [External
Sender] Re: Re: SV certificates devoid of individual
attributes<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div>
<p>I would suggest an amendment in order to correct this
unintended result; I'm available to draft a proposal
if there are any endorsers.<o:p></o:p></p>
<p>Adriano<o:p></o:p></p>
<p><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt">On
16/10/2023 17:17, Dimitris Zacharopoulos via
Smcwg-public wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:'Arial',sans-serif">I
agree it's not a good thing. The SV profile was
to support certificates that include attributes
of individuals validated by the Enterprise RA.
If we allow those to be missing, making it
effectively an OV Certificate, seems like an
unintended result.<br>
<br>
Best regards,<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt"><br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Smcwg-public mailing list<o:p></o:p></pre>
<pre><a href="mailto:Smcwg-public@cabforum.org"
moz-do-not-send="true" class="moz-txt-link-freetext">Smcwg-public@cabforum.org</a><o:p></o:p></pre>
<pre><a
href="https://lists.cabforum.org/mailman/listinfo/smcwg-public"
moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><o:p></o:p></pre>
</blockquote>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>