Description
In the TLS BRs there are some requirements that - if I'm not mistaken - also apply to subordinate CAs issuing S/MIME certificates (since they are "non-TLS Subordinate CA Certificates" in TLS BRs terminology). However, it seems to me that those requirements are not expressly taken into account in the SMIME BRs, thus leading to some ambiguity. For instance, regarding the naming of subordinate CA certificates, §7.1.4.3.1 of the SMIME BRs states that...
Other attributes MAY be present within the subject field. If present, other attributes SHALL contain information that has been verified by the CA.
On the other hand, §7.1.2.10.2 of the TLS BRs (CA Certificate Naming) specifies that for non-TLS CAs the organizationalUnitName attribute "SHOULD NOT be included", and other attributes are "NOT RECOMMENDED".
Therefore the two sets of requirements (SMIME BRs and TLS BRs) don't seem fully consistent, and ultimately it is not very clear which naming rules apply to subordinate CAs issuing S/MIME certificates, just to mention one aspect of the issue.
I propose to resolve the ambiguity by making some minimal additions to the SMIME BRs.