[Smcwg-public] Validation requirements for otherName SANs
Corey Bonnell
Corey.Bonnell at digicert.com
Mon May 3 17:21:38 UTC 2021
Hello,
As discussed on last week's call, we indicated a desire to require
validation of email addresses that are contained in a subset of SAN types. I
think we all agreed that rfc822Names must be validated, but there was a
discussion on otherNames. The IANA registry for otherNames is located here:
https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1
.3.6.1.5.5.7.8
>From this registry, the only entry that I can see as requiring validation in
an S/MIME context is id-on-SmtpUTF8Mailbox (which I brought up on the call);
all the other ones appear to be unrelated. Given this, I believe for the
legacy profile, we can safely state that all rfc822Names and otherNames of
type id-on-SmtpUTF8Mailbox must be validated and otherNames of any other
type do not need to be validated (such as UPN, etc).
Thoughts?
Thanks,
Corey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210503/aed73202/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4990 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20210503/aed73202/attachment.p7s>
More information about the Smcwg-public
mailing list