[Smcwg-public] [EXTERNAL]-Re: Sponsored profile overlap

Pedro FUENTES pfuentes at WISEKEY.COM
Thu Aug 5 09:13:10 UTC 2021


+1

I think it is important not to mix the roles of an external RA and the very common case of restricted access for prevalidated combinations of organisational fields (O, L, ST, C) and domains.

In the end, the “rule of thumb” is that everything that goes in a certificate needs to be validated, either ad hoc at the moment of issuance or with a pre-validation strategy aimed at “Corporate” certificates.

BR/Pedro

> On 5 Aug 2021, at 11:06, Adriano Santoni via Smcwg-public <smcwg-public at cabforum.org> wrote:
> 
> I fully agree with Dimitris.
> 
> Thanks,
> 
> Adriano
> 
> 
> 
> On 05/08/2021 09:55, Dimitris Zacharopoulos (HARICA) via Smcwg-public wrote:
>> 
>> 
>> On 5/8/2021 10:39 a.m., Wiedenhorst, Matthias via Smcwg-public wrote:
>>> - Natural person associated with a legal person ("Sponsored") 
>>> These unsurprisingly already match with the typical subject types and for example also with the definition of possible subject as given in ETSI EN 319 411-1. 
>>> In my opinion it should be up to the CA whether they want to sell all of these profiles on a retail basis or if some are only available through Enterprise RAs. But maybe in that case, "Sponsored" is not the very best name for that profile anymore... 
>> 
>> I shared that same observation at yesterday's call. 
>> 
>> One could request a certificate that contains an organization name and individual information in the subject, including a validated email address. This doesn't need to be "sponsored". 
>> 
>> Stephen mentioned that this would fit under the "individual" profile, but with a "corporate" flavor. 
>> 
>> The responsibility of the CA is to "bind" a key with attributes of a specific natural person or legal entity. If the subject of the certificate is a "natural person, associated with a legal entity", after the CA validates control of a specific email address, the CA would need to bind the organization attributes (countryName, organizationName, etc) and personal attributes (givenName, surname) with the same Applicant. 
>> 
>> I had reservations about the "sponsored" title early in our discussions because whether it is "sponsored" or not, from a certificate profile perspective, is irrelevant. As Matthias pointed out, the "sponsored" flavor is more of a "delegation of validation duties" issue rather than a certificate profile issue. 
>> 
>> The word "Corporate" instead of "Sponsored" and a detailed description that it is related to an "Individual associated with an Organization" seems preferable. 
>> 
>> 
>> Thanks, 
>> Dimitris. 
>> _______________________________________________ 
>> Smcwg-public mailing list 
>> Smcwg-public at cabforum.org
>> https://lists.cabforum.org/mailman/listinfo/smcwg-public


WISeKey SA
Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790
Address: 29, Rte de Pré-Bois - CP 853 | Geneva 1215 CH - Switzerland
Stay connected with WISeKey <http://www.wisekey.com/>

