[Smcwg-public] Common Name contents

Doug Beattie doug.beattie at globalsign.com
Wed Mar 2 17:09:59 UTC 2022


Hey Stephen,

 

During the call today it was mentioned that all of the subject info pulled
from the certificates and displayed via GUI needs to be validated (no more
OU logic). I went back and looked at the options for Sponsor validated certs
and it permits the Pseudonym to be present in the CN.  

 

I went to check the rules for validation and found this:

 

f. Certificate Field: subject:pseudonym (2.5.4.65)
Contents: The pseudonym attribute MUST NOT be present if the givenName
and/or surname attribute are present. If present, the subject:pseudonym
field field MUST be verified according to Section 3.2.3
<https://github.com/cabforum/smime/blob/preSBR/SBR.md#323-authentication-of-
individual-identity> .

 

But I could not find any references to this field in that section, or
section 3.2.4 that indicates how this is to be validated.  Are there CA
validation rules for this, or can any value be supplied?

 

Doug

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220302/b48bb4ec/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8404 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220302/b48bb4ec/attachment-0001.p7s>


More information about the Smcwg-public mailing list