[Smcwg-public] "stateOrProvince" or "localityName" in SMIME certs mandatory?
Burkhard Wiegel
B.Wiegel at zertificon.com
Mon Jul 5 07:44:04 UTC 2021
Hello,
I may have missed this discussion but requiring either "stateOrProvince" or "localityName" in SMIME certs in Org-, Sponsored-, and Individual profiles injects additional cert management for organizations and users without any real value. Certs become invalid when cert subject/person moves to other town or state or the organization changes location.
To identify an organization more precise than the Organization Name in "O=..." (which anyway must exactly match the Name from the official company register of the country) an DN component which contains the register number would be much more usefull and has not to be touched in case of relocating/moving.
[cid:80bd2668-3a80-476f-9fcb-2cda07a39cf5]
I recommend to change this at least to "MAY" without further requirements in Org-, Sponsored-, and Individual profiles.
Best regards
Burkhard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210705/f1d50c99/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedImage.png
Type: image/png
Size: 6924 bytes
Desc: pastedImage.png
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210705/f1d50c99/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2234 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210705/f1d50c99/attachment-0001.bin>
More information about the Smcwg-public
mailing list