[Smcwg-public] SubjectDirectoryAttributes in MV-Legacy

Stephen Davidson Stephen.Davidson at digicert.com
Tue Apr 18 22:40:18 UTC 2023


Hello:

In working out lints for the S/MIME linter (more info to come), Corey observed that we didn't explicitly ban the SubjectDirectoryAttributes extension in a Mailbox-validated cert. See (j) of https://github.com/cabforum/smime/blob/main/SBR.md#7123-subscriber-certificates.

We did allow the SubjectDirectoryAttributes extension to be used in the Legacy generation profiles, knowing that it is used in many legacy implementations, and that the Legacy generation will eventually be deprecated.

However, it seems odd to allow its use in the Mailbox-validated Legacy profile, which otherwise blocks the inclusion of Subject Identity information.

1. Does the SMCWG believe that the SubjectDirectoryAttributes extension should be allowed or disallowed in Mailbox-validated Legacy certs?
2. In the event that the SubjectDirectoryAttributes extension is disallowed, is this acceptable to be clarified in the Erratum ballot or should it be defined as a new ballot?

This will be on the agenda for our next call, but feel free to begin discussion.

Best, Stephen


