DRAFT: Allow "pseudo:" prefix in CN for smime sponsored and individual#156
Open
axel-sws wants to merge 3 commits intodigicert:mainfrom
Open
DRAFT: Allow "pseudo:" prefix in CN for smime sponsored and individual#156axel-sws wants to merge 3 commits intodigicert:mainfrom
axel-sws wants to merge 3 commits intodigicert:mainfrom
Conversation
This certificate has: - subject:commonName: "pseudo: some-pseudonym" - subject:pseudonym: "some-pseudonym" Which does not match, as validations enforce an exact match on commonName / pseudonym.
If subject:commonName is present along with subject:pseudonym, allow subject:commonName prefixed with "pseudo:" or "Pseudo:", with or without whitespace after the colon.
Remove the CommonNameValidator error, as "pseudo:" prefix is allowed by previous commit: Allow "pseudo:" prefix in CN for smime sponsored and individual
Collaborator
|
Thanks for submitting this, @axel-sws! The discussion on the SMIME WG call last week indicated that the current SMIME BRs currently don't allow this, but a ballot will be formulated to permit prefixes/suffixes in the CN to indicate that a pseudonym is included. We can keep this PR open to integrate the amended requirements in the SMIME linter when such a ballot is passed. |
Author
|
I accidentally deleted my branch "allow-pseudo-prefix", which automatically closed this pull request. Apologies for the inconvenience |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This merge request adds a "hotfix" for issue #155, allowing "pseudo:" prefix in subject:commonName if it is present along with subject:pseudonym.
I'm sure there is more "frameworky" way of implementing this, especially we might want to emit a NOTICE in case a "pseudo:" prefix is encountered. I'm sharing this hotfix hoping to be useful to you, as we had to implement something we can test against sponsored-multipurpose certificates using pseudonyms.