(Replying from the correct e-mail)

On Thu, Feb 6, 2020 at 3:55 PM Doug Beattie via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> We should clarify the Mozilla policy to more clearly define list of fields
> containing email address (those 3 listed above) must be validated in section
> 2.2 so that this is clear and concise.
>

Doug,

Is the proposal that, similar to how TLS defines that domain names MUST
appear within the SAN:dNSName, that emailAddresses MUST appear within one
of those three fields (that is: subject:commonName, subject:emailAddress,
subjectAltName:rfc822Name), that any value in the subject MUST also appear
in the subjectAltName, and an emailAddress MUST NOT appear in any other
field?

That would address the concern, correct?

> Wayne opened this issue in December and I just replied with a comment
> related to the validation requirements of SAN/Other Name/UPN:
>
> https://github.com/mozilla/pkipolicy/issues/200


I'm not sure I understand your question on this issue, and was hoping you
could expand. As you note, it's not used within S/MIME, so presumably, it's
not necessary for an S/MIME certificate, and thus MUST NOT be included.
That would resolve the ambiguity, correct?

Are you aware of any system that requires a single certificate contain both
in order to be used for S/MIME? If I understood your question right, it's
not required.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
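
The rule as phrased in the question above (three allowed fields, subject values mirrored in the SAN, no address anywhere else), written as a lint check. This is an added example, not part of the original message and not Mozilla policy text or tooling; the field labels, the simplified address regex and the sample certificates are constructed, and the input is assumed to be already-parsed (field, value) pairs.

```python
import re

# Simplified address pattern for linting (assumption; not a full RFC 5322 parser).
EMAIL_RE = re.compile(
    r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)

# Labels follow the notation used in the message; they are illustrative strings.
SUBJECT_FIELDS = {"subject:commonName", "subject:emailAddress"}
SAN_FIELD = "subjectAltName:rfc822Name"
ALLOWED = SUBJECT_FIELDS | {SAN_FIELD}


def normalize(addr):
    """Lower-case only the domain; the local part may be case-sensitive."""
    local, _, domain = addr.rpartition("@")
    return local + "@" + domain.lower()


def lint_email_fields(fields):
    """fields: list of (field_label, value) pairs from a parsed certificate.
    Returns a list of findings; an empty list means the rule is satisfied."""
    san = {normalize(v) for f, v in fields if f == SAN_FIELD}
    findings = []
    for label, value in fields:
        # commonName may hold a personal name, so only address-shaped text counts.
        for addr in EMAIL_RE.findall(value):
            if label not in ALLOWED:
                findings.append(f"{label}: {addr} is outside the three allowed fields")
            elif label in SUBJECT_FIELDS and normalize(addr) not in san:
                findings.append(f"{label}: {addr} is not repeated in {SAN_FIELD}")
    return findings


# Constructed sample inputs.
CONFORMING = [
    ("subject:commonName", "Alice Example"),
    ("subject:emailAddress", "alice@example.com"),
    (SAN_FIELD, "alice@EXAMPLE.com"),
]
NONCONFORMING = [
    ("subject:commonName", "bob@example.com"),          # missing from the SAN
    ("subject:organizationalUnitName", "contact carol@example.com"),
    (SAN_FIELD, "dave@example.com"),
]

if __name__ == "__main__":
    for finding in lint_email_fields(NONCONFORMING):
        print(finding)
```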
