[Smcwg-public] [EXTERNAL]-Re: Common Name contents

Lahtiharju, Pekka pekka.lahtiharju at teliacompany.com
Thu Mar 10 13:13:16 UTC 2022


Would email address validation be enough to validate the same values also to Subject. E.g. if user is able to validate email address helpdesk at company.com<mailto:helpdesk at company.com>, is it allowed for CA then to put value “helpdesk” to CN? This would solve our requirements for weakly validated Subjects and we could automate easily everything.

Br Pekka

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Dimitris Zacharopoulos (HARICA) via Smcwg-public
Sent: torstai 10. maaliskuuta 2022 14.59
To: Doug Beattie <doug.beattie at globalsign.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>; Henschel, Andreas <a.henschel at d-trust.net>
Subject: Re: [Smcwg-public] [EXTERNAL]-Re: Common Name contents

On 10/3/2022 2:22 μ.μ., Doug Beattie wrote:
If there are usecases that demand more, then let’s let them define those rules and policy OIDs to be used in the certificates on top of the profiles we’re defining here.

I'm afraid I can't support that position. We have always had rules to include validated information in the certificates, even "any other method" that the CA deems appropriate. Even for the subject:organizationalUnitName field, there were rules describing what the CA MUST NOT allow. Allowing fields without any vetting whatsoever is not correct IMHO. It should not be considered "appropriate" from the CA because it is not performing any sort of validation!

BTW, I agree with the position to bring in use cases and define rules. The WG needs to be a bit more active in that regard because it is the only way that existing use cases will be discussed, analyzed and safe practices included in the SMBRs. However, until we have those use cases brought forward so that the WG can define rules, I believe we should not allow them.


This email may contain information which is privileged or protected against unauthorized disclosure or communication. If you are not the intended recipient, please notify the sender and delete this message and any attachments from your system without producing, distributing or retaining copies thereof or disclosing its contents to any other person.

Telia Company processes emails and other files that may contain personal data in accordance with Telia Company’s Privacy Policy<https://www.teliacompany.com/en/about-the-company/privacy/>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220310/da9d97ef/attachment.html>

More information about the Smcwg-public mailing list