Shouldn't at least the email address be included, and verified, of course, by the CA?
On Fri, Sep 29, 2023, 11:35 AM Pedro FUENTES <pfuen...@wisekey.com> wrote: > +1 > > > Le 29 sept. 2023 à 17:52, Clint Wilson via Smcwg-public < > smcwg-public@cabforum.org> a écrit : > > Hi all, > > In my opinion, CSRs should really be limited to conveying the public key > and a proof of possession of the private key; the fields included therein > *may* act as confirmatory signals for a CA, but shouldn’t be directly > relied upon e.g. to generate a tbsCertificate. Rather, the values placed in > fields of a tbsCertificate should originate from the CA’s validated data > store to ensure that the only paths for data to become part of a signed > certificate are through static configurations (e.g. signatureAlgorithm) or > known-validated data. > > There’s plenty of nuance we can discuss as well, but generally speaking I > believe it’s bad practice to rely on fields in the CSR. > > Cheers, > -Clint > > On Sep 29, 2023, at 8:27 AM, Ben Wilson via Smcwg-public < > smcwg-public@cabforum.org> wrote: > > All, > I'm interested in gathering information from Certificate Issuers about the > kind of information that they would like to collect/extract from the CSRs > they receive from S/MIME certificate applicants. This information could be > used to refine a system to generate CSRs that result in certificates > compliant with the various profiles defined in the S/MIME BRs. > Alternatively, what is the minimum amount of information that CAs might > expect to obtain from CSRs? In other words, which fields should a CSR > generator integrated with a Certificate Consumer's software support? > Thanks, > Ben > _______________________________________________ > Smcwg-public mailing list > Smcwg-public@cabforum.org > https://lists.cabforum.org/mailman/listinfo/smcwg-public > > > _______________________________________________ > Smcwg-public mailing list > Smcwg-public@cabforum.org > > https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=SdzPRXhti18pWLmVPVZwDOe4My0SBGtWzL3HSt02tHKsXpWQUw9YUb_QzXtxZYtw&s=5yodJ9UuvfVvN_CqY53dyFJyNwYRRJDEfhmuysvXrQA&e= > >
_______________________________________________ Smcwg-public mailing list Smcwg-public@cabforum.org https://lists.cabforum.org/mailman/listinfo/smcwg-public