Hello all,

I have the impression that the current SMBRs allow the issuance of Sponsor-Validated certificates which, contrary to the definition of this type of certificate, do not contain any "Individual (Natural Person) attributes" (quoting from the definition of Sponsor-Validated). At least, this seems to hold for the "Legacy Generation profiles".
* according to §3.1.1 and §7.1.4.2.2, the commonName does not necessarily have to contain a Personal Name (in fact it MAY contain a Mailbox Address)
* according to §7.1.4.2.5, givenName and surname attributes are not required in "Legacy Generation profiles".

Furthermore, as already discussed in a previous thread, there is no requirement that a personal email address have a "personal" appearance (e.g. forename.surn...@company.com).
Therefore, if I understand correctly, a Subject of the following type within a "Legacy" SV (Sponsor-Validated) certificate would be 100% compliant:
CN=i...@example.com, O=Example HmbH, organizationIdentifier=NTRXX-xxxxx, C=XX
If this is true, it would make no difference if the certificate was OV rather than SV: the Subject could be identical in the two cases, and it would be devoid of "Individual (Natural Person) attributes".
Is the above correct, or am I missing something?

Adriano
_______________________________________________ Smcwg-public mailing list Smcwg-public@cabforum.org https://lists.cabforum.org/mailman/listinfo/smcwg-public
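The check the message describes, written as a small Subject lint (an added example, not part of the original message and not CA/Browser Forum code). It assumes the Subject is given as a comma-separated string, that givenName, surname and pseudonym count as individual attributes (pseudonym is this example's assumption), and that a commonName which is not a Mailbox Address is a Personal Name; the sample Subjects are constructed.

```python
import re

# Assumption: attribute types treated as "Individual (Natural Person) attributes".
# givenName and surname are named in the message; pseudonym is added by this example.
INDIVIDUAL_TYPES = {"givenname", "surname", "pseudonym"}
ORG_TYPES = {"o", "organizationname"}
MAILBOX_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_subject(dn):
    """Split 'K=V, K=V' into (type, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        if not rdn.strip():
            continue
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        key, value = rdn.split("=", 1)
        pairs.append((key.strip(), value.strip().replace("\\,", ",")))
    return pairs

def individual_attributes(dn):
    """Return the Subject attributes that identify a natural person."""
    found = []
    for key, value in parse_subject(dn):
        k = key.lower()
        if k in INDIVIDUAL_TYPES:
            found.append((key, value))
        elif k in ("cn", "commonname") and not MAILBOX_RE.match(value):
            # Assumption: a CN that is not a Mailbox Address is a Personal Name.
            found.append((key, value))
    return found

def lint_sponsor_validated(dn):
    """Report whether a Sponsor-Validated Subject could equally be an OV Subject."""
    types = {k.lower() for k, _ in parse_subject(dn)}
    person = individual_attributes(dn)
    return {
        "has_org": bool(types & ORG_TYPES),
        "individual": person,
        "indistinguishable_from_ov": bool(types & ORG_TYPES) and not person,
    }

# Constructed samples: the first mirrors the Subject shape in the message,
# with a made-up mailbox in the CN; the second carries a name.
LEGACY_SV_MAILBOX_CN = "CN=mailbox@example.com, O=Example HmbH, organizationIdentifier=NTRXX-xxxxx, C=XX"
SV_WITH_NAME = "CN=Jane Doe, givenName=Jane, surname=Doe, O=Example HmbH, C=XX"

if __name__ == "__main__":
    for subject in (LEGACY_SV_MAILBOX_CN, SV_WITH_NAME):
        print(subject, "->", lint_sponsor_validated(subject))
```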