Hi Rob, I think minimally filing an issue in https://github.com/cabforum/smime/issues would be a good thing to do to track this potential conflict. FWIW, I also think the issue identified is indeed an issue (though probably not major) and your proposed updates seem reasonable to me as well.
Cheers,
-Clint

> On Jul 13, 2023, at 6:52 AM, Robert Lee via Smcwg-public <smcwg-public@cabforum.org> wrote:
>
> Dear all,
>
> I’m emailing because I think some further clarification may be needed in section 7.1.4.2.2(a) around commonNames as Personal Names or Pseudonyms (capital ‘P’ based on SMC03 changes).
>
> What I think is needed is to align some of the uses of commonNames with the existing rules around if subject:pseudonym is present then subject:givenName/subject:surname SHALL NOT be present and the vice versa rule. My understanding/assumption is that the pseudonym/givenName/surname rules are in place to make an SMIME certificate a Pseudonym cert or a Personal Name cert and not to be both at the same time (especially as putting one’s name into the cert would dramatically reduce any privacy afforded by using a Pseudonym).
>
> However, the options for commonName in sponsor and individual validated certificates don't entirely work with the above as currently you _could_ have a subject:pseudonym and then put your Personal Name in the commonName which doesn't track with my understanding/assumption of what the pseudonym/givenName/surname rules are supposed to achieve.
>
> I don’t think it’s a difficult thing to fix though. Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:
>
> “If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”
>
> “If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”
>
> If people broadly agree with my suggestion then I’m happy to make a PR into the BRs or somewhere else if, like SMC03, there’ll be a branch collecting changes in someone’s fork of the document.
>
> Best Regards,
> Rob
>
> Dr. Robert Lee MEng PhD
> Senior Software Engineer with Cryptography SME
> www.globalsign.co.uk <http://www.globalsign.co.uk/>|www.globalsign.eu <http://www.globalsign.eu/>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public@cabforum.org <mailto:Smcwg-public@cabforum.org>
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
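The gap discussed in this thread, as an added example that is not part of the thread and is not CA/Browser Forum or any CA's code: a pre-issuance check comparing the existing pseudonym/givenName/surname rule with the two sentences proposed for 7.1.4.2.2(a). The `SubjectRequest` fields, the `cn_kind` label (assumed to be set by the CA's validation step, since the certificate alone does not say what kind of name the commonName holds) and all sample names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SubjectRequest:
    """Hypothetical issuance-side view of the requested subject attributes."""
    common_name: Optional[str] = None
    cn_kind: Optional[str] = None  # assumed label: "personal_name", "pseudonym" or "mailbox"
    given_name: Optional[str] = None
    surname: Optional[str] = None
    pseudonym: Optional[str] = None


def existing_rule(s: SubjectRequest) -> List[str]:
    """Existing rule: pseudonym and givenName/surname are mutually exclusive."""
    if s.pseudonym and (s.given_name or s.surname):
        return ["subject:pseudonym present together with givenName/surname"]
    return []


def proposed_rule(s: SubjectRequest) -> List[str]:
    """Existing rule plus the two commonName sentences proposed in the thread."""
    errors = existing_rule(s)
    if s.cn_kind == "pseudonym" and (s.given_name or s.surname):
        errors.append("commonName holds a Pseudonym but givenName/surname present")
    if s.cn_kind == "personal_name" and s.pseudonym:
        errors.append("commonName holds a Personal Name but subject:pseudonym present")
    return errors


# Constructed sample requests (not real subscribers).
# The case raised in the thread: pseudonym attribute plus a Personal Name in the CN.
NAME_IN_CN = SubjectRequest(common_name="Alex Example", cn_kind="personal_name",
                            pseudonym="NightOwl")
# The mirror case: Pseudonym in the CN alongside givenName/surname.
PSEUDONYM_IN_CN = SubjectRequest(common_name="NightOwl", cn_kind="pseudonym",
                                 given_name="Alex", surname="Example")
# Consistent Pseudonym and Personal Name requests.
CLEAN_PSEUDONYM = SubjectRequest(common_name="NightOwl", cn_kind="pseudonym",
                                 pseudonym="NightOwl")
CLEAN_PERSONAL = SubjectRequest(common_name="Alex Example", cn_kind="personal_name",
                                given_name="Alex", surname="Example")

if __name__ == "__main__":
    for req in (NAME_IN_CN, PSEUDONYM_IN_CN, CLEAN_PSEUDONYM, CLEAN_PERSONAL):
        print(req.common_name, req.cn_kind, existing_rule(req), proposed_rule(req))
```
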