[Smcwg-public] CommonNames, Pseudonyms, GivenNames and Surnames

Robert Lee robert.lee at globalsign.com
Thu Jul 13 08:50:04 UTC 2023

Dear all, 

I’m emailing because I think some further clarification may be needed in section around commonNames as Personal Names or Pseudonyms (capital ‘P’ based on SMC03 changes). 

What I think is needed is to align some of the uses of commonNames with the existing rules around if subject:pseudonym is present then subject:givenName/subject:surname SHALL NOT be present and the vice versa rule. My understanding/assumption is that the pseudonym/givenName/surname rules are in place to make an SMIME certificate a Pseudonym cert or a Personal Name cert and not to be both at the same time (especially as putting one’s name into the cert would dramatically reduce any privacy afforded by using a Pseudonym). 

However, the options for commonName in sponsor and individual validated certificates don't entirely work with the above as currently you _could_ have a subject:pseudonym and then put your Personal Name in the commonName which doesn't track with my understanding/assumption of what the pseudonym/givenName/surname rules are supposed to achieve. 

I don’t think it’s a difficult thing to fix though. Adding the following lines to should close this hole effectively enough: 

“If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.” 

“If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.” 

If people broadly agree with my suggestion then I’m happy to make a PR into the BRs or somewhere else if, like SMC03, there’ll be a branch collecting changes in someone’s fork of the document. 

Best Regards, 

Dr. Robert Lee MEng PhD 
Senior Software Engineer with Cryptography SME 
www.globalsign.co.uk <_blank>|www.globalsign.eu <_blank> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230713/27d33691/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 9889 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230713/27d33691/attachment-0001.bin>

More information about the Smcwg-public mailing list