CA/Browser Forum
Home » All CA/Browser Forum Posts » 2020-07-22 Minutes of the S/MIME Certificate Working Group

2020-07-22 Minutes of the S/MIME Certificate Working Group

Attendees (in alphabetical order)

Qiu Dawei (CFCA), Zhang Danmeng (CFCA), Li-Chun Chen (Chunghwa Telecom ), Tim Hollebeek (DigiCert), Dean Coclin (DigiCert), Stephen Davidson (DigiCert), Andreas Henschel (D-TRUST), Enrico Entschew (D-TRUST), Vijay Kumar (eMudhra), Bruce Morton (Entrust DataCard), Wang Chunlan (GDCA), Xiu Lei (GDCA), Doug Beattie (GlobalSign), Hugh Mercer (GlobalSign), Atsushi Inaba (GlobalSign), Dimitris Zacharopoulos (HARICA), Toria Chen (SHECA), Chris Kemmerer (SSL.com), Mike Guenther (SwissSign), Neil Dunbar (TrustCor), Corey Bonnell (Trustwave), Janet Hines (Trustwave), David Chen (TWCA), Pedro Fuentes (OISTE), Hongquan Yin (Microsoft), Mike Reilly (Microsoft), Ben Wilson (Mozilla), Matthias Wiedenhorst (ACAB’c), India Donald (Federal PKI), Wendy Brown (Federal PKI), Thomas Connelly (Federal PKI), Hazhar Ismail (MSC Trustgate.com Sdn Bhd), Markus Wichmann (TeleTrust), Morad Abou Nasser (TeleTrust), Rufus Buschart (TeleTrust), Arno Fiedler, Christian Heutger (PSW), Russ Housley (Vigil Security, LLC), Patrycja Tulinska (PSW), Jeff Ward (WebTrust), Don Sheehy (WebTrust), Kai Engert (Thunderbird)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The Antitrust/Compliance Statement was read.

3. Review Agenda

No changes to the agenda were noted.

4. Approval of minutes from last teleconference

NA

4. Formation of SMCWG

An overview of the voting procedures was provided as outlined in the SMCWG Charter and CABF By-Laws for both the formation of the SMCWG and membership as well as onward ballots. Acting Chair Stephen Davidson proposed a list of initial qualifying members as follows.

Certificate Issuers: Actalis, Asseco Data Systems (Certum), BuyPass, CFCA, Comsign, DigiCert, D-TRUST, eMudhra, Entrust DataCard, GDCA, GlobalSign, HARICA, SHECA, SSL.com, SwissSign, TrustCor, Trustwave, TWCA, OISTE Foundation. Certificate Consumers: Microsoft, Mozilla/Thunderbird. Associate Members: ACAB’c, TeleTrusT, Federal PKI, MSC Trustgate.com Sdn Bhd, WebTrust. Interested Parties: Arno Fiedler (ETSI), PSW, Vigil Security.

A discussion was held. It was noted that Mozilla was working with its affiliate Thunderbird, but that changes in organizational structure may lead to membership category changes at a later date. It was questioned whether Associate Member or Interested party was more appropriate for TeleTrust and the Acting Chair decided to remove TeleTrusT from the current vote.

A roll call of the proposed members was held and more than two-thirds of the proposed initial membership voted in favor in accordance with the Charter. There were no votes against the proposed members (with only abstentions or not present).

The initial members of the SMCWG are as follows. Certificate Issuers: Actalis, Asseco Data Systems (Certum), BuyPass, CFCA, Comsign, DigiCert, D-TRUST, eMudhra, Entrust DataCard, GDCA, GlobalSign, HARICA, SHECA, SSL.com, SwissSign, TrustCor, Trustwave, TWCA, OISTE Foundation. Certificate Consumers: Microsoft, Mozilla/Thunderbird. Associate Members: ACAB’c, Federal PKI, MSC Trustgate.com Sdn Bhd, WebTrust. Interested Parties: Arno Fiedler (ETSI), PSW, Vigil Security.

5. Election of Officers

Stephen Davidson was proposed by Dean Coclin to act as Chair of the SMCWG. A voice vote was held and Stephen Davidson was elected to serve as Chair. It was agreed to elect a Vice Chair of the SMCWG at a later meeting. It was agreed that Stephen Davidson and Jos Purvis of the Infrastructure Subcommittee would serve as webmaster as required.

6. Goals and Next Steps

A discussion was held on the goals of the SMCWG as described in the Charter. It was agreed that initial work would focus on verification of control over email addresses and certificate profiles for end entity S/MIME certificates and Issuing CA certificates. Later steps would focus on key management and certificate lifecycle; CA operational practices, physical/logical security; and identity validation.

Members were asked to provide examples of known standards for S/MIME certificates for the group’s consideration.

7. Any Other Business

No other business was discussed.

Moderation has been removed from members of the SMCWG on the public and management list. Ordinarily discussion should occur on the public list at which has a public access archive. The management list at is used for tasks such as scheduling and approval of minutes.

8. Next call

The next call will take place on August 5, 2020 at 11:00am Eastern Time. A separate invitation has been sent to members of the SMCWG; meetings will occur every other week in weeks of the main CABF call.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).