Home » All CA/Browser Forum Posts » Ballot FORUM-11: Creation of S/MIME Certificates Working Group

Ballot FORUM-11: Creation of S/MIME Certificates Working Group

Vote Results

The voting period for Ballot FORUM-11 has ended and the Ballot has Failed. Here are the results:

Voting by Certificate Issuers – 4 votes total including abstentions

Three CAs voted in favor: DigiCert, Actalis, OISTE

One CA Abstained: Trustcor

Voting by Certificate Consumers – 4 votes total including abstentions

Three Browsers voted against: Apple, Google, Microsoft

One Browser abstained: Mozilla

Therefore, the ballot fails.

Ballot Text

The following ballot is proposed by Tim Hollebeek of DigiCert and endorsed by Wayne Thayer of Mozilla and Adriano Santoni of Actalis.

Ballot Forum-11: Creation of S/MIME Certificates Working Group

Purpose of the Ballot

The CA/Browser Forum recently underwent a two-year long governance reform exercise, modifying the Bylaws to allow the creation of working groups that covered topics other than server certificates. While originally motivated by the inability to maintain requirements for code signing certificates, it was anticipated from the start that this would also provide an opportunity to create other working groups that could develop and maintain certificate profiles and requirements for other kinds of certificates. While a number of regional and technical standards exist regarding the creation and issuance of S/MIME certificates, there is no current global forum for certificate authorities and those who consume or use S/MIME certificates to come together and develop and maintain policies and standards for those certificates. This lack of standards has impeded the adoption and interoperability of S/MIME certificate worldwide. This ballot would establish a working group chartered to develop and maintain such standards for S/MIME certificates, including but not limited to two important priorities: a uniform certificate profile for the issuance of publicly-trusted S/MIME certificates, and validation requirements for such certificates.

- MOTION BEGINS –

Establish S/MIME Certificates Working Group

Upon approval of the CAB Forum by ballot in accordance with section 5.3 of the Bylaws, the S/MIME Certificates Working Group (“SMWG”) is created to perform the activities as specified in the attached Charter.

- MOTION ENDS

Attached charter available here

Latest releases

Server Certificate Requirements
BRs/2.1.2 SC-080 V3: Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods - Dec 16, 2024

Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contact… (https://github.com/cabforum/servercert/pull/560) Ballot SC-080 V3: “Sunset the use of WHOIS to identify Domain Contacts and relying DCV Methods” (https://github.com/cabforum/servercert/pull/555)

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.8 - Ballot SMC010 - Dec 23, 2024

This ballot adopts Multi-Perspective Issuance Corroboration (MPIC) for CAs when conducting Email Domain Control Validation (DCV) and Certification Authority Authorization (CAA) checks for S/MIME Certificates. The Ballot adopts the MPIC implementation consistent with the TLS Baseline Requirements. Acknowledging that some S/MIME CAs with no TLS operations may require additional time to deploy MPIC, the Ballot has a Compliance Date of May 15, 2025. Following that date the implementation timeline described in TLS BR section 3.2.2.9 applies. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ashish Dhiman (GlobalSign) and Nicolas Lidzborski (Google).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35