[Smcwg-public] [External Sender] Re: Re: Re: SV certificates devoid of individual attributes
Adriano Santoni
adriano.santoni at staff.aruba.it
Tue Oct 17 06:59:06 UTC 2023
As a first idea, how about rewording that note in §7.1.4.2.5 the
following way?
> “Legacy Generation profiles MAY omit the |subject:givenName|,
> |subject:surname|, and |subject:pseudonym| attributes and include only
> the |subject:commonName| as described in Section 7.1.4.2.2(a)
> <https://github.com/cabforum/smime/blob/main/SBR.md#71422-subject-distinguished-name-fields>,
> provided that a Personal Name (see Section 3.1.2) is included in
> |subject:commonName|.”
>
Adriano
Il 16/10/2023 18:38, Martijn Katerbarg ha scritto:
>
> Happy to work with you on that. I do wonder what the cause and
> original intent behind this was.
>
> I wonder if they key lies in the Note added to section 7.1.4.2.5:
>
> “Legacy Generation profiles MAY omit the |subject:givenName|,
> |subject:surname|, and |subject:pseudonym| attributes and include only
> the |subject:commonName| as described in Section 7.1.4.2.2(a)
> <https://github.com/cabforum/smime/blob/main/SBR.md#71422-subject-distinguished-name-fields>.”
>
> Could it be that the original intent here was that subject:givenName,
> subject:surname and subject:pseudonym are allowed to be left out,
> *only* if subject:commonName was included *and* had either the
> pseudonym or givenName+surname in it?
>
> I could see that as a possible legacy use case, with the intend to
> deprecate. I’m not sure if any CA needs that use case at current though.
>
> Regards,
>
> Martijn
>
> *From: *Smcwg-public <smcwg-public-bounces at cabforum.org> on behalf of
> Adriano Santoni via Smcwg-public <smcwg-public at cabforum.org>
> *Date: *Monday, 16 October 2023 at 18:09
> *To: *smcwg-public at cabforum.org <smcwg-public at cabforum.org>
> *Subject: *Re: [Smcwg-public] [External Sender] Re: Re: SV
> certificates devoid of individual attributes
>
> CAUTION: This email originated from outside of the organization. Do
> not click links or open attachments unless you recognize the sender
> and know the content is safe.
>
> I would suggest an amendment in order to correct this unintended
> result; I'm available to dratf a proposal it if there are any endorsers.
>
> Adriano
>
> Il 16/10/2023 17:17, Dimitris Zacharopoulos via Smcwg-public ha scritto:
>
> NOTICE:Pay attention - external email - Sender is
> 0100018b3910b1a1-5f63e11d-cb86-4599-8385-07abf817d4d1-000000 at amazonses.com
>
>
> I agree it's not a good thing. The SV profile was to support
> certificates that include attributes of individuals validated by
> the Enterprise RA. If we allow those to be missing, making it
> effectively an OV Certificate, seems like an unintended result.
>
> Best regards,
>
>
>
> _______________________________________________
>
> Smcwg-public mailing list
>
> Smcwg-public at cabforum.org
>
> https://lists.cabforum.org/mailman/listinfo/smcwg-public <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cabforum.org%2Fmailman%2Flistinfo%2Fsmcwg-public&data=05%7C01%7Cmartijn.katerbarg%40sectigo.com%7C31f1becfe83840c453df08dbce6237da%7C0e9c48946caa465d96604b6968b49fb7%7C0%7C0%7C638330693474194168%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=u6pfGzIuJyhqtuQF4yntzYBFtn0RP2ndc%2FAR2X4PaIU%3D&reserved=0>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20231017/7c458d5c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4620 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20231017/7c458d5c/attachment.p7s>
More information about the Smcwg-public
mailing list