[Smcwg-public] Sponsored profile overlap

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Aug 5 07:54:58 UTC 2021



On 5/8/2021 10:39 π.μ., Wiedenhorst, Matthias via Smcwg-public wrote:
> - Natural person associated with a legal person ("Sponsored")
> These unsurprisingly already match with the typical subject types and for example also with the definition of possible subject as given in ETSI EN 319 411-1.
> In my opinion it should be up to the CA whether they want to sell all of these profiles on a retail basis or if some are only available through Enterprise RAs. But maybe in that case, "Sponsored" is not the very best name for that profile anymore...

I shared that same observation at yesterday's call.

One could request a certificate that contains an organization name and 
individual information in the subject, including a validated email 
address. This doesn't need to be "sponsored".

Stephen mentioned that this would fit under the "individual" profile, 
but with a "corporate" flavor.

The responsibility of the CA is to "bind" a key with attributes of a 
specific natural person or legal entity. If the subject of the 
certificate is a "natural person, associated with a legal entity", after 
the CA validates control of a specific email address, the CA would need 
to bind the organization attributes (countryName, organizationName, etc) 
and personal attributes (givenName, surname) with the same Applicant.

I had reservations about the "sponsored" title early in our discussions 
because whether it is "sponsored" or not, from a certificate profile 
perspective, is irrelevant. As Matthias pointed out, the "sponsored" 
flavor is more of a "delegation of validation duties" issue rather than 
a certificate profile issue.

The word "Corporate" instead of "Sponsored" and a detailed description 
that it is related to an "Individual associated with an Organization" 
seems preferable.


Thanks,
Dimitris.


More information about the Smcwg-public mailing list