[Smcwg-public] Individual email addresses in OV certs

Dimitris Zacharopoulos (HARICA) dzacharo at harica.gr
Mon Sep 18 07:23:35 UTC 2023

Hi Adriano,

IMO it is allowed and supported with the current language. If the 
Applicant can demonstrate control of an email address (via the approved 
methods) AND can prove the identity (Organization Validation in your 
case), the CA can bind all those elements together along with a public 
key and produce a Certificate for that Applicant.

Hope this helps.


On 15/9/2023 7:55 π.μ., Adriano Santoni via Smcwg-public wrote:
> Hello all,
> given that an S/MIME OV certificate is characterized by the fact that 
> it conveys the identity of an organization, it is acceptable for an OV 
> certificate to contain an email address that is clearly associated 
> with an individual mailbox (e.g. name.surname at companydomain.tld) ?
> If I'm not mistaken, this aspect is not touched on in the BR and it 
> therefore seems reasonable to assume that the above case is permitted. 
> However, the fact that the Applicant only controls an individual email 
> address somehow feels "inappropriate" for an OV certificate, so to say.
> It seems okay for sole proprietorships, but in other cases (legal 
> persons with several employees) it seems inconsistent.
> Maybe the answer is already there, in the BR, but I cannot see it.
> Any comments welcome.
> Adriano
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public

More information about the Smcwg-public mailing list