[Smcwg-public] Validation requirements for otherName SANs
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue May 4 08:20:31 UTC 2021
+1
On 3/5/2021 9:16 PM, Russ Housley via Smcwg-public wrote:
>
>
>> On May 3, 2021, at 1:21 PM, Corey Bonnell via Smcwg-public
>> <smcwg-public at cabforum.org> wrote:
>>
>> Hello,
>> As discussed on last week’s call, we indicated a desire to require
>> validation of email addresses that are contained in a subset of SAN
>> types. I think we all agreed that rfc822Names must be validated, but
>> there was a discussion on otherNames. The IANA registry for
>> otherNames is located
>> here: https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.8
>> From this registry, the only entry that I can see as requiring
>> validation in an S/MIME context is id-on-SmtpUTF8Mailbox (which I
>> brought up on the call); all the other ones appear to be unrelated.
>> Given this, I believe for the legacy profile, we can safely state
>> that all rfc822Names and otherNames of type id-on-SmtpUTF8Mailbox
>> must be validated and otherNames of any other type do not need to be
>> validated (such as UPN, etc).
>> Thoughts?
>
> I agree that id-on-SmtpUTF8Mailbox needs to be validated, if it is
> present. You can learn more about it in RFC 8398.
>
> Russ
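The rule proposed in this thread (validate every rfc822Name and every otherName of type id-on-SmtpUTF8Mailbox, and no other otherName type) can be checked mechanically against a certificate's SubjectAltName. The following is an added example, not code from any participant in the thread: it walks the DER-encoded GeneralNames with the Python standard library only, and the function names and the sample mailboxes are constructed for illustration. The OID values are id-on 9 from RFC 8398 and Microsoft's UPN OID.

```python
ID_ON_SMTP_UTF8_MAILBOX = "1.3.6.1.5.5.7.8.9"  # id-on 9, RFC 8398

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs, val = arcs + [val], 0
    x = min(arcs[0] // 40, 2)  # first subidentifier packs the first two arcs
    return ".".join(map(str, [x, arcs[0] - 40 * x] + arcs[1:]))

def classify_san(san_der):
    """Split a DER SubjectAltName value into (must_validate, not_required)."""
    tag, names, _ = read_tlv(san_der)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    must, skip, pos = [], [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag == 0x81:  # rfc822Name [1] IA5String
            must.append(("rfc822Name", body.decode("ascii")))
        elif tag == 0xA0:  # otherName [0]: type-id OID, value [0] EXPLICIT
            _, oid_body, nxt = read_tlv(body)
            oid = decode_oid(oid_body)
            if oid == ID_ON_SMTP_UTF8_MAILBOX:
                _, wrapped, _ = read_tlv(body, nxt)  # unwrap [0] EXPLICIT
                must.append(("SmtpUTF8Mailbox", read_tlv(wrapped)[1].decode("utf-8")))
            else:  # e.g. UPN: no mailbox validation under the proposal
                skip.append(("otherName", oid))
        else:  # other GeneralName types are not discussed in the thread
            skip.append(("GeneralName", hex(tag)))
    return must, skip
# Constructed sample input, built with a short-form DER encoder (lengths < 128).
def tlv(tag, body):
    return bytes([tag, len(body)]) + body
def other_name(oid_hex, text):
    return tlv(0xA0, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0xA0, tlv(0x0C, text.encode("utf-8"))))
SAMPLE_SAN = tlv(0x30, tlv(0x81, b"alice@example.com")
                 + other_name("2b06010505070809", "m\u00fcller@example.com")
                 + other_name("2b060104018237140203", "alice@corp.example"))
```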