[Smcwg-public] Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Thu Sep 29 09:49:19 UTC 2022



On 29/9/2022 12:40 PM, Pedro FUENTES via Smcwg-public wrote:
> Hi there,
> I was just thinking about the discussion yesterday about the Country, and 
> the issue detected about the “Subject being validated” (and included 
> in the certificate) to be the country where the company is registered 
> (and I said “registered” because I understood there were opinions 
> saying that this field would be redundant as we already had the 
> organisation identifier, which is related to the country of registration).
>
> Although we already follow this practice, so currently for MPKI 
> customers we include the country of the company, as verified, this has 
> recurrently annoyed some customers that have employees in different 
> locations (sometimes changing the state/province, not necessarily the 
> country), so maybe this deserves some discussion.
>
> My first question would be… is there really consensus about setting 
> the country as the country (and state, if present) where the company 
> is registered? The current writing of the guidelines talks about the 
> “Country of the Subject”, so until now it could be understood that 
> this was about the person, not the company… I heard some discordant 
> voices and the general opinion wasn’t clear to me.
>
> My second question would be… could we specify in the certificate the 
> country where the company “operates”, instead of the country where it is 
> registered? My rationale for this question is as follows: Same as in 
> the BR for SSL, a “validation of physical existence” is required to 
> be done, and this could eventually allow including in the 
> certificate dutifully validated countries (or states) where the 
> company operates, and not necessarily the country where the company is 
> registered… This in fact opens up a possibility… Could it be 
> understood that the company operates where the employee that gets the 
> certificate is located?

My reading of the requirements is that ANY countryName value where the 
country is registered or operates (this needs to be validated of course) 
is acceptable.

>
> My third question… once there’s intent to take the BR for SSL as 
> reference… what about the obligation to include the state/province and 
> country if the organisation name is present? Was this discussed? 
> (maybe I missed that call)

Only the countryName was discussed to be added as a SHALL. I believe the 
logic is the same for ST and L. They need to follow the organization for 
the sponsored profile, not the individual.

Cheers,
Dimitris.

>
> Best,
> Pedro
>
> WISeKey SA
> Pedro Fuentes
> CSO - Trust Services Manager
> Office: + 41 (0) 22 594 30 00
> Mobile: + 41 (0) 791 274 790
> Address: Avenue Louis-Casaï 58 | 1216 Cointrin | Switzerland
> Stay connected with WISeKey <http://www.wisekey.com>