Well, in my opinion that's not a good thing.

Adriano

On 16/10/2023 16:16, Martijn Katerbarg wrote:

Hi Adriano,


Yes, I do believe you’re correct. Taking your example, the only difference would be the Policy OID in the certificate.

I’m not sure why anyone would in that case opt for a Sponsor Validated cert over OV, however it does appear to be compliant, yet only for Legacy templates.

Regards,

Martijn

*From: *Smcwg-public <smcwg-public-boun...@cabforum.org> on behalf of Adriano Santoni via Smcwg-public <smcwg-public@cabforum.org>
*Date: *Monday, 16 October 2023 at 15:52
*To: *smcwg-public@cabforum.org <smcwg-public@cabforum.org>
*Subject: *[Smcwg-public] SV certificates devoid of individual attributes


Hello all,

I have the impression that the current SMBRs allow the issuance of Sponsor-Validated certificates which, contrary to the definition of this type of certificate, do not contain any "Individual (Natural Person) attributes" (quoting from the definition of Sponsor-Validated). At least, this seems to hold for the "Legacy Generation profiles".

  * according to §3.1.1 and §7.1.4.2.2, the commonName does not
    necessarily have to contain a Personal Name (in fact it MAY
    contain a Mailbox Address)

  * according to §7.1.4.2.5, givenName and surname attributes are not
    required in "Legacy Generation profiles".

Furthermore, as already discussed in a previous thread, there is no requirement that a personal email address have a "personal" appearance (e.g. forename.surn...@company.com).

Therefore, if I understand correctly, a Subject of the following type within a "Legacy" SV (Sponsor-Validated) certificate would be 100% compliant:

CN=i...@example.com, O=Example HmbH, organizationIdentifier=NTRXX-xxxxx, C=XX

If this is true, it would make no difference if the certificate was OV rather than SV: the Subject could be identical in the two cases, and it would be devoid of "Individual (Natural Person) attributes".

Is the above correct, or am I missing something?

Adriano


_______________________________________________
Smcwg-public mailing list
Smcwg-public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/smcwg-public
