[Smcwg-public] email addresses in S/MIME certificates

Fri Nov 20 06:07:01 MST 2020

Also I do not remember a discussion that the UPN, if present, has to be
identical to the email address.  Although I may have missed at least 1 of
the calls.  I do not think this is always the case.
Another question is will we allow more than one email address SAN?

thanks,

Wendy

Wendy Brown
Supporting GSA FPKI
Protiviti Government Services

 703-965-2990 (cell)

wendy.brown at gsa.gov
wendy.brown at protiviti.com

On Fri, Nov 20, 2020 at 6:19 AM Dimitris Zacharopoulos (HARICA) via
Smcwg-public <smcwg-public at cabforum.org> wrote:

>
> I believe this proposal prohibits *directoryName *values in the
> subjectAltName extention. I remember that the intent of the first version
> of S/MIME requirements was not to prohibit identity information to be
> included in the Certificate Profile.
>
> Dimitris.
>
>
> On 20/11/2020 12:11 π.μ., Stephen Davidson via Smcwg-public wrote:
>
> To date our discussion related to email addresses in S/MIME has been a
> general reference to rfc822Name along the lines of:
>
>
>
> Extension ID:                      subjectAlternateName
>
> Required?:                          Yes
>
> Critical:                                 Yes if the subject is an empty
> sequence; otherwise, SHOULD NOT be critical
>
> Permitted Value(s):        MUST contain at least one rfc822Name value.
> MUST NOT contain values of type: dNSName, iPAddress,
> uniformResourceIdentifier. otherName values (such as Microsoft UPN) MAY be
> included if the value is identical to an rfc822Name expressed in the SAN
> extension. Any rfc822Name and otherName value in the Subject DN must be
> repeated in the SAN extension.  Each rfc822Name and otherName value must be
> verified with publicly documented and audited measures in accordance with
> Section 3.2.2.
>
> References:                        RFC 5280, Section 4.2.1.6
>
>
>
> S/MIME and rfc822Name has enjoyed a proliferation of standards which leads
> to the question:
>
>    - Do we wish to summarise those rules relating to rfc822Name in this
>    standard or in an informative appendix?
>    - Or do wish simply to provide a listing of the relevant standards?
>
>
>
> If the latter, I believe the most relevant would include RFC 5322
> (internet message format, sections 3.2.3 and 3.4.1), RFC 3696
> (informational, checking of names), and RFC 8398 (internationalized email
> addresses).
>
>
>
> Missing anything?  Comments?
>
>
>
> Best regards, Stephen
>
>
>
> RFC 5322: https://tools.ietf.org/html/rfc5322
>
> RFC 3696: https://tools.ietf.org/html/rfc3696
>
> RFC 8398: https://tools.ietf.org/html/rfc8398
>
>
>
> _______________________________________________
> Smcwg-public mailing listSmcwg-public at cabforum.orghttps://lists.cabforum.org/mailman/listinfo/smcwg-public
>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201120/8e1dd19c/attachment.html>