[Smcwg-public] SV certificates devoid of individual attributes

Adriano Santoni adriano.santoni at staff.aruba.it
Mon Oct 16 13:52:05 UTC 2023


Hello all,

I have the impression that the current SMBRs allow issuing 
Sponsor-Validated certificates which, contrary to the definition of this 
type of certificate, do not contain any "Individual (Natural Person) 
attributes" (quoting from the definition of Sponsor-Validated). At 
least, this seems to hold for the "Legacy Generation profiles".

  * according to §3.1.1 and §7.1.4.2.2, the commonName does not
    necessarily have to contain a Personal Name (in fact it MAY contain
    a Mailbox Address)

  * according to §7.1.4.2.5, givenName and surname attributes are not
    required in "Legacy Generation profiles".

Furthermore, as already discussed in a previous thread, there is no 
requirement that a personal email address have a "personal" appearance 
(e.g. forename.surname at company.com).

Therefore, if I understand correctly, a Subject of the following type 
within a "Legacy" SV (Sponsor-Validated) certificate would be 100% 
compliant:

CN=info at example.com, O=Example HmbH, organizationIdentifier=NTRXX-xxxxx, 
C=XX

If this is true, it would make no difference if the certificate was OV 
rather than SV: the Subject could be identical in the two cases, and it 
would be devoid of "Individual (Natural Person) attributes".

Is the above correct, or am I missing something?

Adriano
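
Added example, not part of the original message: a small Python check for the gap described above, flagging a Sponsor-Validated subject that carries none of the individual attributes the message names (a Personal Name in commonName, givenName, surname). The function names, the mailbox regex and the rule that a non-mailbox commonName counts as a Personal Name are assumptions of this example; the sample subjects are constructed.

```python
import re

# Attributes the message names as identifying a natural person (with short aliases).
INDIVIDUAL_ATTRS = {"givenname", "gn", "surname", "sn"}
COMMON_NAME = {"cn", "commonname"}
# Assumption: a commonName shaped like local@domain is a Mailbox Address,
# and any other commonName in an SV certificate is a Personal Name.
MAILBOX_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_subject(dn):
    """Split a simple 'K=V, K=V' subject string into (attr, value) pairs.

    Simplification: escaped commas and multi-valued RDNs are not handled.
    """
    pairs = []
    for rdn in dn.split(","):
        key, sep, value = rdn.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((key.strip().lower(), value.strip()))
    return pairs


def individual_attributes(dn):
    """Return the subject attributes that carry natural-person information."""
    found = []
    for key, value in parse_subject(dn):
        if key in INDIVIDUAL_ATTRS:
            found.append((key, value))
        elif key in COMMON_NAME and not MAILBOX_RE.match(value):
            found.append((key, value))
    return found


def lint_sponsor_validated(dn):
    """Return findings for an SV subject; an empty list means no finding."""
    if individual_attributes(dn):
        return []
    return ["SV subject has no individual (natural person) attributes"]


# Constructed samples; LEGACY_SV mirrors the subject quoted in the message.
LEGACY_SV = "CN=info@example.com, O=Example HmbH, organizationIdentifier=NTRXX-xxxxx, C=XX"
PERSONAL_SV = "CN=Jane Doe, givenName=Jane, surname=Doe, O=Example HmbH, C=XX"

if __name__ == "__main__":
    for subject in (LEGACY_SV, PERSONAL_SV):
        print(subject, "->", lint_sponsor_validated(subject) or "ok")
```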
