[Smcwg-public] Secure Mail Subject DN
Stephen Davidson
Stephen.Davidson at digicert.com
Tue Nov 24 08:21:45 MST 2020
Hi Doug:
No you have not missed anything; this is a timely point.
Subject DN will be dealt with in two phases of our work; 1) now to identify
the fields in common use and then 2) later to identify the required
verification.
I have reserved the CABF OID 2.23.140.1.5 for the eventual S/MIME Baseline
Requirements.
My thinking had been similar to yours where:
* DV/email 2.23.140.1.5.1
* OV 2.23.140.1.5.2
* IV 2.23.140.1.5.3
There is a question whether the IV level should in fact be split into two for
personal vs org representative.
This may take some iterations, so I will add this to our agenda for tomorrow
at least to introduce the topic.
Best regards, Stephen
From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Doug
Beattie via Smcwg-public
Sent: Tuesday, November 24, 2020 10:46 AM
To: SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: [Smcwg-public] Secure Mail Subject DN
Hi Stephen,
Maybe the group hasn’t yet progressed into Subject DN field definitions (I’ve
missed a few meetings and I didn’t see this in the Google spreadsheet profile
table), but are we planning to parallel the CABF BRs when it comes to this?
TLS DV: Could be the basis for an S/MIME profile with just an email somewhere
in the subject DN (CN or E) so that the subject is not empty
TLS OV: Could be the basis for an S/MIME profile with C, S, L, O and maybe OU
in the subject DN (and perhaps email in CN or E)
TLS IV: Could be the basis for an S/MIME profile with C, S, L and then
givenName and surname fields. The CA could optionally populate the name
values into the Org field when issuing to a natural person or DBA. That seems
like a reasonable approach and parallels the BRs.
When do you think we’ll dive into the subject DN field definitions?
Doug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201124/36e01f16/attachment.html>
More information about the Smcwg-public
mailing list