[Smcwg-public] Secure Mail Subject DN

Doug Beattie doug.beattie at globalsign.com
Tue Nov 24 15:38:58 UTC 2020


Hi Stephen,

 

Ok, great. And as far as separating the IV into two, yes, I definitely think we should do that.

 

Doug

From: Stephen Davidson <Stephen.Davidson at digicert.com> 
Sent: Tuesday, November 24, 2020 10:22 AM
To: Doug Beattie <doug.beattie at globalsign.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: RE: Secure Mail Subject DN

 

Hi Doug:

 

No, you have not missed anything; this is a timely point.

Subject DN will be dealt with in two phases of our work: 1) now, to identify the fields in common use, and then 2) later, to identify the required verification.

I have reserved the CABF OID 2.23.140.1.5 for the eventual S/MIME Baseline Requirements.

My thinking had been similar to yours where:

* DV/email 2.23.140.1.5.1
* OV 2.23.140.1.5.2
* IV 2.23.140.1.5.3

There is a question whether the IV level should in fact be split into two for personal vs org representative.

This may take some iterations, so I will add this to our agenda for tomorrow at least to introduce the topic.

 

Best regards, Stephen

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Doug Beattie via Smcwg-public
Sent: Tuesday, November 24, 2020 10:46 AM
To: SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: [Smcwg-public] Secure Mail Subject DN

 

Hi Stephen,

 

Maybe the group hasn’t yet progressed into Subject DN field definitions (I’ve missed a few meetings and I didn’t see this in the Google spreadsheet profile table), but are we planning to parallel the CABF BRs when it comes to this?

 

TLS DV: Could be the basis for an S/MIME profile with just an email somewhere in the subject DN (CN or E) so that the subject is not empty

TLS OV: Could be the basis for an S/MIME profile with C, S, L, O and maybe OU in the subject DN (and perhaps email in CN or E)

TLS IV: Could be the basis for an S/MIME profile with C, S, L and then givenName and surname fields.  The CA could optionally populate the name values into the Org field when issuing to a natural person or DBA.  That seems like a reasonable approach and parallels the BRs.

 

When do you think we’ll dive into the subject DN field definitions?

 

Doug

 
