[Smcwg-public] CommonNames, Pseudonyms, GivenNames and Surnames

Stephen Davidson Stephen.Davidson at digicert.com
Tue Jul 18 14:25:00 UTC 2023 

Yes, thank you Rob and Clint.

Please add it to the issues list in Github, so we can add track it for the next ballot.

As it happens, I think that Psuedonyms have been an area of interest in the Sponsor-validated type during the implementation of the SBR, so a “revisit” based on that experience may be in order after September.

 

 

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Clint Wilson via Smcwg-public
Sent: Monday, July 17, 2023 3:16 PM
To: Robert Lee <robert.lee at globalsign.com>; SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: Re: [Smcwg-public] CommonNames, Pseudonyms, GivenNames and Surnames

 

Hi Rob,

 

I think minimally filing an issue in https://github.com/cabforum/smime/issues <https://url.avanan.click/v2/___https:/github.com/cabforum/smime/issues___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2OmM0MWQ6MjNjMTc2M2NmMjc5ZTA2MWMyNzU0ZDE2M2NkYzQ4ZTJjN2E3YjE4MWE5NzhjZjMxMDZlNjA4MTcyY2FkMDZmMjpoOkY>  would be a good thing to do to track this potential conflict.

FWIW, I also think the issue identified is indeed an issue (though probably not major) and your proposed updates seem reasonable to me as well.

 

Cheers,

-Clint





On Jul 13, 2023, at 6:52 AM, Robert Lee via Smcwg-public <smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> > wrote:

 

Dear all,

 

I’m emailing because I think some further clarification may be needed in section 7.1.4.2.2(a) around commonNames as Personal Names or Pseudonyms (capital ‘P’ based on SMC03 changes).

 

What I think is needed is to align some of the uses of commonNames with the existing rules around if subject:pseudonym is present then subject:givenName/subject:surname SHALL NOT be present and the vice versa rule.  My understanding/assumption is that the pseudonym/givenName/surname rules are in place to make an SMIME certificate a Pseudonym cert or a Personal Name cert and not to be both at the same time (especially as putting one’s name into the cert would dramatically reduce any privacy afforded by using a Pseudonym).

 

However, the options for commonName in sponsor and individual validated certificates don't entirely work with the above as currently you _could_ have a subject:pseudonym and then put your Personal Name in the commonName which doesn't track with my understanding/assumption of what the pseudonym/givenName/surname rules are supposed to achieve.

 

I don’t think it’s a difficult thing to fix though.  Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:

 

“If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”

 

“If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”

 

If people broadly agree with my suggestion then I’m happy to make a PR into the BRs or somewhere else if, like SMC03, there’ll be a branch collecting changes in someone’s fork of the document.

 

Best Regards,

Rob

 

Dr. Robert Lee MEng PhD

Senior Software Engineer with Cryptography SME

 <https://url.avanan.click/v2/___http:/www.globalsign.co.uk/___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2Ojg0ZmY6YmUwYjE5MTJlYWUzNDc3ZDAwODE0NDQzMGRmMjM2ZGUxY2FlMTBlYWY2ZDk1OWUzMDc0ZWE3N2Q2YjYzMzVmMjpoOkY> www.globalsign.co.uk| <https://url.avanan.click/v2/___http:/www.globalsign.eu/___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2OjI5YWQ6M2NiZTEwY2QyYmNlNDQ4ZTE1ZmUyZjk1ZTFjZjFiNTgyNGQwOTc5NTIwNTRiNzlhODFmYWNhZDhkOGQ4ODUzMDpoOkY> www.globalsign.eu

 

_______________________________________________
Smcwg-public mailing list
 <mailto:Smcwg-public at cabforum.org> Smcwg-public at cabforum.org
 <https://url.avanan.click/v2/___https:/lists.cabforum.org/mailman/listinfo/smcwg-public___.YXAzOmRpZ2ljZXJ0OmE6bzo3YWFhOWVmNWIwZjZhYTc1YmY4NzNiZmMxMWYzYjkxNDo2Ojk0ZDU6MmIzYjJjZDFjYTIwNTUzM2UyMmI1NmVjZWIyNTc2M2UxMTAyNGEyNDI5MWViOGQ2ODM4MDc5ZDMwZjk5ZjExMDpoOkY> https://lists.cabforum.org/mailman/listinfo/smcwg-public

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230718/36ffe0cb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5263 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20230718/36ffe0cb/attachment-0001.p7s>

More information about the Smcwg-public mailing list