CommonName Personal Name/Pseudonym options don't align with subject givenName/surname/pseudonym restriction #203

Closed
robplee opened this issue Jul 18, 2023 · 1 comment

robplee commented Jul 18, 2023

Some extra text is needed to align commonName use with the restriction around subject givenName, surname and pseudonym.

If a subject:pseudonym is present, then subject:givenName and/or subject:surname should be absent and vice versa. However, if a subject:pseudonym is present, it's currently still possible to have a Personal Name in the commonName which seems at odds with the existing rule. Similarly, one could have a certificate containing a subject:givenName and subject:surname and then put one's pseudonym in the commonName despite the fact that there is a rule in place which would prevent the pseudonym being put into a subject:pseudonym field.

I don’t think it’s a difficult thing to fix though. Adding the following lines to 7.1.4.2.2(a) should close this hole effectively enough:

“If the subject:commonName contains a Pseudonym, then the subject:givenName and/or subject:surname attributes SHALL NOT be present.”

“If the subject:commonName contains a Personal Name, then the subject:pseudonym attribute SHALL NOT be present.”

srdavidson added a commit to srdavidson/smime that referenced this issue Sep 26, 2023
@srdavidson

See proposed change at srdavidson@4203e6d

srdavidson added a commit to srdavidson/smime that referenced this issue Dec 8, 2023