[Smcwg-public] SubjectDirectoryAttributes in MV-Legacy

Stephen Davidson Stephen.Davidson at digicert.com
Wed Apr 19 17:54:22 UTC 2023


Thanks Russ!

True.

But on the counterpoint: are there Qualified certificates that match the
Mailbox-validated profile?  

*	It seems a lot of work to validate identity for such a constrained
profile.
*	ETSI EN 319 412-2 requires a subject contain at least C, GN/SN or
Pseudonym, and CN.

Best, Stephen

 

 

 

From: Russ Housley <housley at vigilsec.com> 
Sent: Wednesday, April 19, 2023 2:35 PM
To: Stephen Davidson <Stephen.Davidson at digicert.com>; SMIME Certificate
Working Group <smcwg-public at cabforum.org>
Subject: Re: [Smcwg-public] SubjectDirectoryAttributes in MV-Legacy

 

Stephen:

 

Qualified Certificates allows SubjectDirectoryAttributes extension.  See
section 3.2.2 of RFC 3739.  So, I think it should be allowed.

 

Russ

 





On Apr 18, 2023, at 6:40 PM, Stephen Davidson via Smcwg-public
<smcwg-public at cabforum.org> wrote:

 

Hello:

 

In working out lints for the S/MIME linter (more info to come), Corey
observed that we didn't explicitly ban SubjectDirectoryAttributes extension
in a Mailbox-validated cert.  See (j) of
https://github.com/cabforum/smime/blob/main/SBR.md#7123-subscriber-certificates.

 

We did allow the SubjectDirectoryAttributes extension to be used in the
Legacy generation profiles, knowing that it is used in many legacy
implementations, and that the Legacy generation will eventually be
deprecated.

 

However, it seems odd to allow its use in the Mailbox-validated Legacy
profile, which otherwise blocks the inclusion of Subject Identity
information. 

 

1.	Does the SMCWG believe that the SubjectDirectoryAttributes extension
should be allowed or disallowed in Mailbox-validated Legacy certs?
2.	In the event that the SubjectDirectoryAttributes extension is
disallowed, is this acceptable to be clarified in the Erratum ballot or
should it be defined as a new ballot?

 

This will be on agenda for our next call, but feel free to begin discussion.

 

Best, Stephen

 

_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org
https://lists.cabforum.org/mailman/listinfo/smcwg-public

 
