Re: [cabfpub] For Discussion: S/MIME Working Group Charter

Thu, 17 May 2018 21:58:24 -0700 


On 18/5/2018 2:51 πμ, Ryan Sleevi via Public wrote:

I don't think it's a cross-EKU situation, though, but I'm glad we're 
in agreement.



An email server certificate is an id-kp-serverAuth EKU. That's already 
covered by another WG



I sincerely hope that id-kp-clientAuth EKU will also be covered by this 
WG since there will be common validation requirements for Subject 
information, as with S/MIME. It seems too much overhead to spawn an 
entirely different WG to deal just with clientAuth.



If people agree, how about using the name "Client and S/MIME Certificate 
WG" which seems aligned with the "Server Certificate WG"?



Dimitris.





On Thu, May 17, 2018 at 7:49 PM, Tim Hollebeek via Public 
<[email protected] <mailto:[email protected]>> wrote:


    My personal opinion is that cross-EKU chimeras should not exist. 
    I realize they’re extremely common in the industry, but they’re bad.

    DigiCert has had a long and vigorous internal discussion about the
    correct number of EKUs in a certificate. I’m a strong proponent of
    the “exactly one” position, but other people have differing opinions.

    I see Ryan agreeing; I think we should do whatever we can to make
    sure the Working Groups have disjoint and clearly defined scopes.

    -Tim

    *From:*Moudrick M. Dadashov [mailto:[email protected] <mailto:[email protected]>]
    *Sent:* Thursday, May 17, 2018 7:30 PM
    *To:* Tim Hollebeek <[email protected]
    <mailto:[email protected]>>; CA/Browser Forum Public
    Discussion List <[email protected] <mailto:[email protected]>>
    *Subject:* Re: [cabfpub] For Discussion: S/MIME Working Group Charter

    Email server certificates not included?

    Thanks,
    M.D.

    On 5/18/2018 1:49 AM, Tim Hollebeek via Public wrote:

        Oops, missed a spot:

        1. To specify S/MIME Baseline Requirements, Extended
        Validation Guidelines, Network and Certificate System Security
        Requirements, and other acceptable practices for the issuance
        and management of S/MIME certificates used to sign and encrypt
        emails.




        _______________________________________________

        Public mailing list

        [email protected] <mailto:[email protected]>

        https://cabforum.org/mailman/listinfo/public
        <https://cabforum.org/mailman/listinfo/public>


    _______________________________________________
    Public mailing list
    [email protected] <mailto:[email protected]>
    https://cabforum.org/mailman/listinfo/public
    <https://cabforum.org/mailman/listinfo/public>




_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public



_______________________________________________
Public mailing list
[email protected]
https://cabforum.org/mailman/listinfo/public
























					Reply via email to