[Smcwg-public] email addresses in S/MIME certificates

Stephen Davidson Stephen.Davidson at digicert.com
Thu Nov 19 15:11:45 MST 2020

To date our discussion related to email addresses in S/MIME has been a general reference to rfc822Name along the lines of:

Extension ID:                      subjectAlternateName

Required?:                          Yes

Critical:                                 Yes if the subject is an empty sequence; otherwise, SHOULD NOT be critical

Permitted Value(s):        MUST contain at least one rfc822Name value. MUST NOT contain values of type: dNSName, iPAddress, uniformResourceIdentifier. otherName values (such as Microsoft UPN) MAY be included if the value is identical to an rfc822Name expressed in the SAN extension. Any rfc822Name and otherName value in the Subject DN must be repeated in the SAN extension.  Each rfc822Name and otherName value must be verified with publicly documented and audited measures in accordance with Section 3.2.2.

References:                        RFC 5280, Section

S/MIME and rfc822Name has enjoyed a proliferation of standards which leads to the question:

*       Do we wish to summarise those rules relating to rfc822Name in this standard or in an informative appendix?
*       Or do wish simply to provide a listing of the relevant standards?

If the latter, I believe the most relevant would include RFC 5322 (internet message format, sections 3.2.3 and 3.4.1), RFC 3696 (informational, checking of names), and RFC 8398 (internationalized email addresses).

Missing anything?  Comments?

Best regards, Stephen

RFC 5322: https://tools.ietf.org/html/rfc5322

RFC 3696: https://tools.ietf.org/html/rfc3696

RFC 8398: https://tools.ietf.org/html/rfc8398

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201119/c6738dd2/attachment.html>

More information about the Smcwg-public mailing list