[Smcwg-public] [External Sender] Re: Re: Re: SV certificates devoid of individual attributes
Adriano Santoni
adriano.santoni at staff.aruba.it
Thu Oct 19 11:27:37 UTC 2023
I have created the pull request below.
https://github.com/cabforum/smime/pull/218
Even if there exist some niche legacy use cases, I believe it would be
highly preferable to avoid allowing SV certificates that do not match
the SV definition and are indistinguishable from OV certs. Besides, it
appears that in such particular contexts OV certificates would still
meet the need.
Looking for endorsers.
Adriano
On 16/10/2023 18:38, Martijn Katerbarg wrote:
>
> Happy to work with you on that. I do wonder what the cause and
> original intent behind this was.
>
> I wonder if the key lies in the Note added to section 7.1.4.2.5:
>
> “Legacy Generation profiles MAY omit the |subject:givenName|,
> |subject:surname|, and |subject:pseudonym| attributes and include only
> the |subject:commonName| as described in Section 7.1.4.2.2(a)
> <https://github.com/cabforum/smime/blob/main/SBR.md#71422-subject-distinguished-name-fields>.”
>
> Could it be that the original intent here was that subject:givenName,
> subject:surname and subject:pseudonym are allowed to be left out,
> *only* if subject:commonName was included *and* had either the
> pseudonym or givenName+surname in it?
>
> I could see that as a possible legacy use case, with the intent to
> deprecate. I’m not sure if any CA needs that use case at current though.
>
> Regards,
>
> Martijn
>
> *From: *Smcwg-public <smcwg-public-bounces at cabforum.org> on behalf of
> Adriano Santoni via Smcwg-public <smcwg-public at cabforum.org>
> *Date: *Monday, 16 October 2023 at 18:09
> *To: *smcwg-public at cabforum.org <smcwg-public at cabforum.org>
> *Subject: *Re: [Smcwg-public] [External Sender] Re: Re: SV
> certificates devoid of individual attributes
>
> I would suggest an amendment in order to correct this unintended
> result; I'm available to draft a proposal if there are any endorsers.
>
> Adriano
>
> On 16/10/2023 17:17, Dimitris Zacharopoulos via Smcwg-public wrote:
>
> I agree it's not a good thing. The SV profile was to support
> certificates that include attributes of individuals validated by
> the Enterprise RA. If we allow those to be missing, making it
> effectively an OV Certificate, seems like an unintended result.
>
> Best regards,