[Smcwg-public] "stateOrProvince" or "localityName" in SMIME certs mandatory?
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue Jul 6 06:14:43 UTC 2021
On 5/7/2021 10:44 π.μ., Burkhard Wiegel via Smcwg-public wrote:
>
> Hello,
>
>
> I may have missed this discussion but requiring either
> "stateOrProvince" or "localityName" in SMIME certs in Org-,
> Sponsored-, and Individual profiles injects additional cert management
> for organizations and users without any real value. Certs become
> invalid when cert subject/person moves to other town or state or the
> organization changes location.
>
>
> To identify an organization more precise than the Organization Name in
> "O=..." (which anyway must exactly match the Name from the official
> company register of the country) an DN component which contains the
> register number would be much more usefull and has not to be touched
> in case of relocating/moving.
>
>
>
>
> I recommend to change this at least to "MAY" *without* further
> requirements in Org-, Sponsored-, and Individual profiles.
>
I agree with the general approach of not requiring "one OR the other".
The purpose of that requirement, if I recall correctly, was to
disambiguate two (or more) different legal entities with exactly the
same name. The idea was that at the localityName level, it would most
likely not be allowed to register two different legal entities with the
same name. Obviously this is pointless for the case of a natural person.
IMO if we added some requirements for information like the
/subject:organizationIdentifier/ as described in ETSI EN 319 412-3 for
legal entities, and /subject:serialNumber/ as described in ETSI EN 419
412-2 for natural persons, it would be in the right direction.
Dimitris.
>
> Best regards
> Burkhard
>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210706/d7e2bfb6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pastedImage.png
Type: image/png
Size: 6924 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210706/d7e2bfb6/attachment-0001.png>
More information about the Smcwg-public
mailing list