2020-08-05 Minutes of the S/MIME Certificate Working Group
Attendees (in alphabetical order)
Matthias Wiedenhorst (ACAB’c), Arno Fiedler (Arno Fiedler ), Li-Chun Chen (Chunghwa Telecom), Tsung-Min Kuo (Chunghwa Telecom), Andreas Henschel (D-TRUST), Enrico Entschew (D-TRUST), Dean Coclin (DigiCert), Stephen Davidson (DigiCert), India Donald (Federal PKI), Wendy Brown (Federal PKI), James Knapp (Federal PKI), Hugh Mercer (GlobalSign), Atsushi Inaba (GlobalSign), Hongquan Yin (Microsoft), Mike Reilly (Microsoft), Ben Wilson (Mozilla), Hazhar Ismail (MSC Trustgate.com Sdn Bhd), Ahmad Syafiq Md Zaini (MSC Trustgate.com Sdn Bhd), Pedro Fuentes (OISTE), Patrycja Tulinska (PSW), Rich Smith (Sectigo), Chris Kemmerer (SSL.com), Thanos Vrachnos (SSL.com), Mike Guenther (SwissSign), Markus Wichmann (TeleTrust), Morad Abou Nasser (TeleTrust), Rufus Buschart (TeleTrust), Corey Bonnell (Trustwave), Janet Hines (Trustwave), David Chen (TWCA), Jeff Ward (WebTrust), Don Sheehy (WebTrust)
1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
The Antitrust/Compliance Statement was read.
3. Review Agenda
No changes to the distributed agenda were noted.
4. Approval of minutes from last teleconference
The minutes of the July 20 teleconference were approved as distributed.
5. Approval of New Members
The declarations of the following organisations were noted:
- Certificate Issuer: Chungwa Telecom, iTrusChina, Sectigo, SSC
- Interested Party: TeleTrusT
A vote by consensus was agreed that the applicants met the membership requirements of the Charter, and the applicants’ membership in the SMCWG was accepted by consensus.
6. Discussion of approach and deliverables
A discussion was held on the primary deliverables described in the SMCWG Charter. It was agreed that the group would initially begin by considering certificate profiles for S/MIME end entity certificates and CA certificates.
Members were asked to continue to provide examples of known requirements and standards for S/MIME certificates for the group’s consideration. So far, examples have been provided for Mozilla’s root policy, Gmail, the U.S. Federal PKI, ETSI, BSI/ Germany, and Siemens.
It was agreed that the deliverable would take the form of RFC 3647, indicating in sections where content is to be referred from the Baseline Requirements or other standard, or similarly noting deviations/enhancements to the referred text. “No stipulation” will be used in sections where no requirement is indicated.
It was agreed that the document would move to GitHub for commenting at a later date as initial text was proposed. It was suggested that the Infrastructure Committee of the CA/Browser Forum could hold a “GitHub for nonDevelopers” training session.
6. Any Other Business
The WG was encouraged to consider, when reviewing certificate profiles, opportunities to enhance the value of S/MIME certificates in evolving uses. For example, this might include marking certificates to note where keys were generated or stored (e.g., CA, service provider, OS, app, token), among other ideas.
No other business was discussed.
7. Next call
The next call will take place on August 19, 2020 at 11:00am Eastern Time. A separate invitation has been sent to members of the SMCWG; meetings will occur every other week in weeks of the main CABF call.