[Smcwg-public] Cardinality of subject fields

Corey Bonnell Corey.Bonnell at digicert.com
Tue Jul 13 13:15:31 UTC 2021


Hello,

When reviewing the proposed set of allowed/required subject fields for the
profiles we have discussed thus far, I realized that there is room for
better clarity regarding the allowed number of each attribute type that may
be present in each subject. For example, the current specification leaves it
unclear whether multiple CN attributes may be present in the subject Name.
The cardinality of each attribute type is currently left unstated in the TLS
BRs, which has led to a lack of clarity and disagreements on the allowed
number of various attribute types.

To prevent this confusion and provide concrete written guidance, I suggest
that we add a column to the profiles spreadsheet that indicates whether
multiple instances of an attribute type are allowed.

To start, I propose that the following attributes be allowed to appear more
than once:

* OU (if we decide to allow its presence at all)
* streetAddress
* organizationalIdentifier (if different registration schemes are specified)

All other attribute types must not appear more than once in each subject.

Thoughts?

Thanks,

Corey
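
The cardinality rule proposed in the message above, written as a check over a DER-encoded subject Name. This is an added example, not part of the original message or of any CA/Browser Forum document. Assumptions: the OIDs are the X.520 ones for the three repeatable types, the sample subject is constructed, and the "different registration schemes" condition on the organization identifier is not checked.

```python
from collections import Counter

# Types the message proposes may repeat: OU, streetAddress and
# organizationIdentifier (X.520 OIDs). Every other type: at most once.
REPEATABLE = {"2.5.4.11", "2.5.4.9", "2.5.4.97"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def decode_oid(body):
    subs, acc = [], 0
    for b in body:  # base-128 subidentifiers, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(acc)
            acc = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def cardinality_violations(name_der):
    """Map OID -> count for types that repeat but are not in REPEATABLE."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    counts = Counter()
    for _, rdn in children(rdns):      # each RDN is a SET ...
        for _, atv in children(rdn):   # ... holding one or more type/value pairs
            counts[decode_oid(next(children(atv))[1])] += 1
    return {o: n for o, n in counts.items() if n > 1 and o not in REPEATABLE}

def build_name(pairs):  # constructed-sample helper: (last arc of 2.5.4.x, text) pairs
    der = lambda tag, body: bytes([tag, len(body)]) + body  # short lengths only
    atv = lambda a, t: der(0x30, der(0x06, bytes([0x55, 4, a])) + der(0x0C, t.encode()))
    return der(0x30, b"".join(der(0x31, atv(a, t)) for a, t in pairs))

# Constructed subject: CN twice (violation), OU twice (allowed), O once.
SAMPLE = build_name([(3, "Alice"), (3, "A. E."), (11, "R&D"), (11, "Sec"), (10, "Ex Org")])
```

Counting runs across every RDN and inside multi-valued RDNs, so two CN values packed into a single SET are reported the same way as two separate RDNs.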

 
