[Smcwg-public] [EXTERNAL]-Re: Common Name contents

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Mar 10 12:58:35 UTC 2022

On 10/3/2022 2:22 μ.μ., Doug Beattie wrote:
> If there are usecases that demand more, then let’s let them define 
> those rules and policy OIDs to be used in the certificates on top of 
> the profiles we’re defining here.

I'm afraid I can't support that position. We have always had rules to 
include validated information in the certificates, even "any other 
method" that the CA deems appropriate. Even for the 
subject:organizationalUnitName field, there were rules describing what 
the CA MUST NOT allow. Allowing fields without any vetting whatsoever is 
not correct IMHO. It should not be considered "appropriate" from the CA 
because it is not performing any sort of validation!

BTW, I agree with the position to bring in use cases and define rules. 
The WG needs to be a bit more active in that regard because it is the 
only way that existing use cases will be discussed, analyzed and safe 
practices included in the SMBRs. However, until we have those use cases 
brought forward so that the WG can define rules, I believe we should not 
allow them.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220310/42765f29/attachment.html>

More information about the Smcwg-public mailing list