2021-09-29 Minutes of the S/MIME Certificate Working Group
Minutes of SMCWG
September 29, 2021
These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
Attendees
Ali Gholami (Telia Company), Andrea Holland (SecureTrust), Andreas Henschel (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), David Kluge (Google), Don Sheehy (WebTrust), Eusebio Herrera (Camerfirma), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mads Henriksveen (BuyPass), Matthias Wiedenhorst (ACAB’c), Mauricio Fernandez (TeleTrust), Miguel Sanchez (Google), Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Patrycja Tulinska (PSW), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Sebastian Schulz (GlobalSign), Stefan Selbitschka (rundQuadrat), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Thomas Connelly (Federal PKI), Tim Crawford (WebTrust), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (Federal PKI)
1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
The Antitrust/Compliance Statement was read.
3. Review Agenda
4. Approval of minutes from last teleconference
The minutes of the September 15 teleconference were approved.
5. Discussion
A reminder was made of the informal poll on adoption of ECC. A link has been sent to the Management list, seeking Certificate Issuer feedback by October 8.
The declaration of participation of existing CABF member PrimeKey as an Interested Party member of SMCWG was confirmed.
Ben Wilson discussed the work of the NetSec subcommittee of the Server Cert WG. The NetSec requirements are referred to in several of the existing BRs and are likely to be included in the SMIME BR. Ben is polling members for feedback regarding the possibility of moving NetSec to become a WG in its own right. Stephen Davidson noted that some requirements were originally developed as part of the TLS BR, and lingering references to TLS sometimes complicated their being incorporated by reference in other standards. He supported the idea of some of these topics being pulled into separate documents. NetSec is one, audit might be another. The idea is that some WGs would focus on cert types and others on CA topics. Ben clarified this would be a CABF ballot, requiring a WG charter, but he is gauging enthusiasm at this time.
It was decided at the face-to-face that the WG would discuss the validity periods for the SMIME profiles. Some groups have proposed a default of 398 days, the Gmail policy was set at 27 months, and 3 years appears to be the most common validity in use today. Any member with a position on this topic should contact Stephen, laying out the pros and cons of different proposals.
Discussion turned to the certificate profiles. Stephen noted that the WG has completed its drafting of the certificate profiles. He requested that Certificate Issuers share these with their product and technical teams, as the next step will be to begin transforming these working papers into a draft SMIME BR.
It was noted that the approach to some fields, like OU and Pseudonym, may change when we address the verification requirements; however, the profiles are now considered stable.
https://docs.google.com/spreadsheets/d/1gEq-o4jU1FWvKBeMoncfmhAUemAgGuvVRSLQb7PedLU/edit#gid=0
6. Any Other Business
None
7. Next call
Next call: CABF Virtual F2F Oct 12-14, detailed agenda to follow