zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0

Lint for CABF SMIME 7.1.4.2.h - If present, the subject:emailAddress SHALL contain a single Mailbox Address #753

Open christopher-henderson opened 9 months ago

CBonnell commented 9 months ago

The associated pull request is closed, so I'll comment here. The full text of 7.1.4.2.2 (h) says:

Certificate Field: subject:emailAddress (1.2.840.113549.1.9.1) Contents: If present, the subject:emailAddress SHALL contain a single Mailbox Address as verified under Section 3.2.2.

Given that 7.1.4.2.2 is entitled "Subject distinguished name fields" and the specified OID "1.2.840.113549.1.9.1" denotes the PKCS #9 emailAddress attribute, the scope of the requirement is limited only to that single attribute. This passage is providing guidance that only a single Mailbox Address can be contained in the attribute value; it is not acceptable to include multiple Mailbox Addresses in a single attribute by delimiting them with a character (such as a space, semicolon, etc.).

Much in the same way that the TLS BRs do not prescribe an upper bound on the number of domain names/IP addresses allowed in a TLS certificate, the SMIME BRs do not prescribe an upper bound on the number of email addresses allowed in a SMIME certificate.

cardonator commented 9 months ago

That makes sense; in this context the check should be that the contents of each element of the EmailAddresses array contain a single email address with no additional characters or email addresses.
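The check discussed above, written out as an added stand-alone Go example (this is not zlint's own lint code and does not use its lint framework): it walks every `emailAddress` (1.2.840.113549.1.9.1) attribute in a parsed Subject DN and reports any value that is not exactly one Mailbox Address. Several `emailAddress` attributes, each holding one address, pass, matching the reading that the BRs bound the content of each attribute rather than the number of attributes. The function names `LintSubjectEmailAddress` and `isSingleMailbox` and the sample subjects are assumptions constructed for the example, and `isSingleMailbox` is a conservative approximation of RFC 5321 Mailbox syntax rather than a full grammar.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"net/mail"
	"strings"
)

// PKCS #9 emailAddress attribute OID (1.2.840.113549.1.9.1), as quoted in the issue.
var oidEmailAddress = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}

// isSingleMailbox reports whether s is exactly one bare Mailbox Address
// (local-part "@" domain): no display name, no delimiters, no whitespace.
// Assumed helper; conservative approximation, not a complete RFC 5321 parser.
func isSingleMailbox(s string) bool {
	// Delimiters or whitespace would indicate a list or a display-name form.
	if s == "" || strings.ContainsAny(s, " \t\r\n,;<>()\"") {
		return false
	}
	if strings.Count(s, "@") != 1 {
		return false
	}
	local, domain, _ := strings.Cut(s, "@")
	if local == "" || domain == "" {
		return false
	}
	// net/mail must parse it back to the same bare address with no name part.
	addr, err := mail.ParseAddress(s)
	return err == nil && addr.Name == "" && addr.Address == s
}

// LintSubjectEmailAddress applies the check to a parsed Subject DN: every
// emailAddress attribute (there may be several) must hold exactly one
// Mailbox Address. It returns one message per violation; an empty result
// means the subject passes, including when no emailAddress attribute is present.
func LintSubjectEmailAddress(subject pkix.Name) []string {
	var problems []string
	for _, atv := range subject.Names {
		if !atv.Type.Equal(oidEmailAddress) {
			continue
		}
		v, ok := atv.Value.(string)
		if !ok {
			problems = append(problems, fmt.Sprintf("emailAddress attribute is not a string value (%T)", atv.Value))
			continue
		}
		if !isSingleMailbox(v) {
			problems = append(problems, fmt.Sprintf("emailAddress %q is not a single Mailbox Address", v))
		}
	}
	return problems
}

func main() {
	// Constructed sample subjects for illustration, not taken from any real certificate.
	email := func(v string) pkix.AttributeTypeAndValue {
		return pkix.AttributeTypeAndValue{Type: oidEmailAddress, Value: v}
	}
	samples := []struct {
		name    string
		subject pkix.Name
	}{
		{"one address", pkix.Name{Names: []pkix.AttributeTypeAndValue{email("alice@example.com")}}},
		{"two in one attribute", pkix.Name{Names: []pkix.AttributeTypeAndValue{email("alice@example.com; bob@example.com")}}},
		{"two attributes", pkix.Name{Names: []pkix.AttributeTypeAndValue{email("alice@example.com"), email("bob@example.com")}}},
		{"display name", pkix.Name{Names: []pkix.AttributeTypeAndValue{email("Alice <alice@example.com>")}}},
	}
	for _, s := range samples {
		fmt.Printf("%-22s -> %v\n", s.name, LintSubjectEmailAddress(s.subject))
	}
}
```

On a real certificate, Go's `x509.ParseCertificate` places all Subject attributes, including `emailAddress`, in `cert.Subject.Names`, so `LintSubjectEmailAddress(cert.Subject)` is all that is needed; the SAN `rfc822Name` entries (`cert.EmailAddresses`) are a separate field and are not covered by this subject-DN requirement.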