Re: [Smcwg-public] [External Sender] Re: Re: Re: Allowing a signature made with an S/MIME IV or SV certificate as an additional individual identity validation method

2024-05-16 Thread Adriano Santoni via Smcwg-public
Smcwg-public wrote: On 16/5/2024 3:06 PM, Adriano Santoni via Smcwg-public wrote: At any rate, even with a digital signature made with an eIDAS qualified

Re: [Smcwg-public] [External Sender] Re: Re: Re: Allowing a signature made with an S/MIME IV or SV certificate as an additional individual identity validation method

2024-05-16 Thread Adriano Santoni via Smcwg-public
I meant... you (the Relying Party) cannot tell ... On 16/05/2024 14:06, Adriano Santoni via Smcwg-public wrote: you (the CA) cannot tell

Re: [Smcwg-public] [External Sender] Re: Re: Allowing a signature made with an S/MIME IV or SV certificate as an additional individual identity validation method

2024-05-16 Thread Adriano Santoni via Smcwg-public
On 13/5/2024 5:03 PM, Adriano Santoni via Smcwg-public wrote: Hi Martijn, I appreciate your concern, but would not the same concern also arise with a digital signature made with an eIDAS qualified certificate? Hi Adriano, I missed this thread, apologies my earlier post

Re: [Smcwg-public] [External Sender] Re: Draft proposal to add eIDAS QES as vetting evidence for individual

2024-05-16 Thread Adriano Santoni via Smcwg-public
Dimitris, On 16/05/2024 13:26, Dimitris Zacharopoulos (HARICA) via Smcwg-public wrote: I think it is ok for the same CA to accept a signed (with an existing S/MIME IV Certificate) request for renewal, coming from an existing Subscriber, as long as the existing stored evidence can be

Re: [Smcwg-public] [External Sender] Re: Allowing a signature made with an S/MIME IV or SV certificate as an additional individual identity validation method

2024-05-13 Thread Adriano Santoni via Smcwg-public
the second one, and I’d be very hesitant on supporting something like that, without a proper time limit in place at which point re-validation would need to occur. Regards, Martijn *From: *Smcwg-public on behalf of Adriano Santoni via Smcwg-public *Date: *Monday, 13 May 2024 at 15:32

[Smcwg-public] Allowing a signature made with an S/MIME IV or SV certificate as an additional individual identity validation method

2024-05-13 Thread Adriano Santoni via Smcwg-public
Hi all, I already made the following proposal previously, both in writing here on the mailing list and also verbally during the last call (at the very last minutes as it was not on the agenda, sorry), but I don't see it mentioned in the call minutes of May 8 below, so I'll try to propose it

Re: [Smcwg-public] [External Sender] Re: Draft proposal to add eIDAS QES as vetting evidence for individual

2024-04-30 Thread Adriano Santoni via Smcwg-public
I agree with Dimitris' suggestions, as far as the eIDAS framework is concerned. In the meantime, let's note that today eIDAS2 was published in the EU Official Journal as Regulation (EU) 2024/1183 amending the old eIDAS (Regulation (EU) No 910/2014), and some of the original articles have

Re: [Smcwg-public] [External Sender] Draft proposal to add eIDAS QES as vetting evidence for individual

2024-04-29 Thread Adriano Santoni via Smcwg-public
For me it's fine to start inserting the eIDAS scheme. I understand Judith Spencer's concerns, however it is clear that here we are working in an "additive" way, so nothing prevents further schemes from being introduced later, as soon as there is consensus. Even now, if we are aware of at

Re: [Smcwg-public] [External Sender] Ballot SMC06v2: Post implementation clarification and corrections

2024-04-08 Thread Adriano Santoni via Smcwg-public
Actalis votes YES on SMC-06. On 04/04/2024 20:15, Stephen Davidson via Smcwg-public wrote: *Ballot SMC06: Post implementation clarification and corrections*

Re: [Smcwg-public] [External Sender] Voting period begins for Ballot SMC06: Post implementation clarification and corrections

2024-04-05 Thread Adriano Santoni via Smcwg-public
Actalis votes YES. On 04/04/2024 18:14, Stephen Davidson via Smcwg-public wrote: *Ballot SMC06: Post implementation clarification and corrections*

Re: [Smcwg-public] Voting period begins for SMC-05: Adoption of CAA for S/MIME

2024-01-15 Thread Adriano Santoni via Smcwg-public
Actalis votes YES On 11/01/2024 00:32, Corey Bonnell via Smcwg-public wrote: *Ballot SMC05: Adoption of CAA for S/MIME* *Purpose of Ballot:* The ballot proposes changes to the S/MIME Baseline Requirements to introduce the use of Certification Authority Authorization (CAA)

Re: [Smcwg-public] [External Sender] Re: Forbid issuance of certificates to ceased organizations

2024-01-09 Thread Adriano Santoni via Smcwg-public
for some companies it may be required (or at least desired) to obtain certificates during that time. Maria Merkel On Tue, Jan 9, 2024 at 5:44 PM Adriano Santoni via Smcwg-public wrote: Hello all, Authentication of organization identity involves the collection of some attributes

[Smcwg-public] Forbid issuance of certificates to ceased organizations

2024-01-09 Thread Adriano Santoni via Smcwg-public
Hello all, Authentication of organization identity involves the collection of some attributes and their validation. To collect these attributes, a CA typically queries a reliable third-party source, e.g. the business register of the relevant country. Among the attributes that can be found in

Re: [Smcwg-public] [External Sender] Re: CAA for S/MIME

2023-12-14 Thread Adriano Santoni via Smcwg-public
I agree with Bruce. Adriano On 14/12/2023 14:56, Bruce Morton via Smcwg-public wrote: I wondering about this requirement, “CAA checking is optional for

Re: [Smcwg-public] [External Sender] VOTE FOR APPROVAL Ballot SMC04: Addition of ETSI TS 119 411-6 to audit standards

2023-11-02 Thread Adriano Santoni via Smcwg-public
Actalis votes "yes" to ballot SMC04. On 01/11/2023 18:07, Stephen Davidson via Smcwg-public wrote: Hello: The voting period for Ballot SMC04 has started.

[Smcwg-public] Inconsistency between 3.2.3.1 and 7.1.4.2.2 regarding the OU attribute

2023-11-02 Thread Adriano Santoni via Smcwg-public
I believe there is an inconsistency between section 3.2.3.1 (Attribute collection of organization identity) and section 7.1.4.2.2 (Subject distinguished name fields). In 3.2.3.1 it is specified that "The CA or RA SHALL collect and retain evidence supporting the following identity attributes

Re: [Smcwg-public] [External Sender] RE: RE: RE: Re: Re: Re: SV certificates devoid of individual attributes

2023-10-24 Thread Adriano Santoni via Smcwg-public
of using an OV profile for CN=email, O=Company might be sensible, we’re still fundamentally modifying the legacy SV profile. Christophe *From:*Smcwg-public <mailto:smcwg-public-boun...@cabforum.org> *On Behalf Of *Adriano Santoni via Smcwg-public *Sent:*

Re: [Smcwg-public] [External Sender] RE: RE: Re: Re: Re: SV certificates devoid of individual attributes

2023-10-24 Thread Adriano Santoni via Smcwg-public
. Christophe *From:*Smcwg-public *On Behalf Of *Adriano Santoni via Smcwg-public *Sent:* Friday, October 20, 2023 10:33 AM *To:* Ashish Dhiman ; SMIME Certificate Working Group ; Martijn Katerbarg *Subject:* Re: [Smcwg-public] [External Sender] RE: Re: Re: Re: SV certificates devoid

Re: [Smcwg-public] [External Sender] RE: Re: Re: Re: SV certificates devoid of individual attributes

2023-10-20 Thread Adriano Santoni via Smcwg-public
*On Behalf Of* Adriano Santoni via Smcwg-public *Sent:* Thursday, October 19, 2023 5:00 PM *To:* Martijn Katerbarg ; SMIME Certificate Working Group *Subject:* Re: [Smcwg-public] [External Sender] Re: Re: Re: SV certificates devoid of individual attributes I have created the pull request below

Re: [Smcwg-public] [External Sender] Re: Re: Re: SV certificates devoid of individual attributes

2023-10-19 Thread Adriano Santoni via Smcwg-public
ld see that as a possible legacy use case, with the intent to deprecate. I’m not sure if any CA needs that use case at current though. Regards, Martijn *From: *Smcwg-public on behalf of Adriano Santoni via Smcwg-public *Date: *Monday, 16 October 2023 at 18:09 *To: *smcwg-public@cabforum.org *S

Re: [Smcwg-public] [External Sender] Re: Re: Re: SV certificates devoid of individual attributes

2023-10-17 Thread Adriano Santoni via Smcwg-public
* had either the pseudonym or givenName+surname in it? I could see that as a possible legacy use case, with the intent to deprecate. I’m not sure if any CA needs that use case at current though. Regards, Martijn *From: *Smcwg-public on behalf of Adriano Santoni via Smcwg-public *Date: *Monday

Re: [Smcwg-public] [External Sender] Re: Re: SV certificates devoid of individual attributes

2023-10-16 Thread Adriano Santoni via Smcwg-public
I would suggest an amendment in order to correct this unintended result; I'm available to draft a proposal if there are any endorsers. Adriano On 16/10/2023 17:17, Dimitris Zacharopoulos via Smcwg-public wrote:

Re: [Smcwg-public] [External Sender] Re: SV certificates devoid of individual attributes

2023-10-16 Thread Adriano Santoni via Smcwg-public
for a Sponsor Validated cert over OV, however it does appear to be compliant, yet only for Legacy templates. Regards, Martijn *From: *Smcwg-public on behalf of Adriano Santoni via Smcwg-public *Date: *Monday, 16 October 2023 at 15:52 *To: *smcwg-public@cabforum.org *Subject: *[Smcwg-public] SV

[Smcwg-public] SV certificates devoid of individual attributes

2023-10-16 Thread Adriano Santoni via Smcwg-public
Hello all, I have the impression that the current SMBRs allow to issue Sponsor-Validated certificates which, contrary to the definition of this type of certificate, do not contain any "Individual (Natural Person) attributes" (quoting from the definition of Sponsor-Validated). At least, this

Re: [Smcwg-public] [External Sender] RE: Re: Re: [EXTERNAL]-Re: Fields for S/MIME CSRs

2023-10-05 Thread Adriano Santoni via Smcwg-public
That's exactly what I also think (quoting Clint): It’s bad practice to rely on fields in the CSR. Adriano On 05/10/2023 20:51, Berge, Jochem Van den wrote: In the end I agree with Clint’s original statement I think. The CSR should only be used to bind the certificate to a public key.

Re: [Smcwg-public] [External Sender] Re: Re: [EXTERNAL]-Re: Fields for S/MIME CSRs

2023-10-03 Thread Adriano Santoni via Smcwg-public
ttp://www.globalsign.co.uk/>|www.globalsign.eu <http://www.globalsign.eu/> *From: *Smcwg-public on behalf of Adriano Santoni via Smcwg-public *Date: *Monday, 2 October 2023 at 07:57 *To: *smcwg-public@cabforum.org *Subject: *Re: [Smcwg-public] [External Sender] Re: [EXTERNAL]-Re: Fields for

Re: [Smcwg-public] [External Sender] Re: [EXTERNAL]-Re: Fields for S/MIME CSRs

2023-10-02 Thread Adriano Santoni via Smcwg-public
Not necessarily: the email address can be transmitted to the CA as a separate datum. Indeed, I would say that this is preferable because it allows syntax checking on the email address without even starting to look at the CSR, from which in my opinion only the public key should be taken.

Re: [Smcwg-public] [External Sender] Re: Fields for S/MIME CSRs

2023-09-30 Thread Adriano Santoni via Smcwg-public
I fully concur with Clint Wilson. Adriano On 29/09/2023 17:52, Clint Wilson via Smcwg-public wrote: Hi all, In my opinion, CSRs should really be limited to conveying the public key and a proof of possession of the private key; the fields included therein /may/ act as confirmatory

[Smcwg-public] Same email addresses in S/MIME certs with different, and unaffiliated Subjects

2023-09-21 Thread Adriano Santoni via Smcwg-public
Hi all, there is another aspect about which I have some doubts; I apologize if this has already been discussed previously and I missed the discussion. The same mailbox can very well (nothing prevents it) be accessible by two different subjects A and B who have nothing to do with each other

Re: [Smcwg-public] [External Sender] Re: Re: RE: Individual email addresses in OV certs

2023-09-18 Thread Adriano Santoni via Smcwg-public
that a CA includes an email that has not been verified… assuming that the email is still permitted, which I understand is not if we apply the “default deny” thing here. Best, Pedro On 18 Sep 2023, at 08:25, Adriano Santoni via Smcwg-public wrote: Hi Pedro, I think you didn't get what I me

Re: [Smcwg-public] [External Sender] Re: RE: Individual email addresses in OV certs

2023-09-18 Thread Adriano Santoni via Smcwg-public
/2023 09:27, Pedro FUENTES wrote: We should maybe just understand that there are companies that don’t have a corporate mail service. IMHO… Once the mailbox is validated, the domain component is not relevant. On 16 Sept. 2023 at 07:23, Adriano Santoni via Smcwg-public wrote

Re: [Smcwg-public] [External Sender] RE: Individual email addresses in OV certs

2023-09-15 Thread Adriano Santoni via Smcwg-public
- 888 76 91** jochem.vanden.be...@logius.nl <mailto:jochem.vanden.be...@logius.nl>_ _ www.logius.nl <http://www.logius.nl/>__ workdays Mo-Tue & Thu-Fri *From:* Smcwg-public *On Behalf Of* Adriano Santoni via Smcwg-pu

[Smcwg-public] Individual email addresses in OV certs

2023-09-14 Thread Adriano Santoni via Smcwg-public
Hello all, given that an S/MIME OV certificate is characterized by the fact that it conveys the identity of an organization, it is acceptable for an OV certificate to contain an email address that is clearly associated with an individual mailbox (e.g. name.surn...@companydomain.tld) ? If