CA/Browser Forum
Home » All CA/Browser Forum Posts » 2021-09-29 Minutes of the S/MIME Certificate Working Group

2021-09-29 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

September 29, 2021

These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Ali Gholami (Telia Company), Andrea Holland (SecureTrust), Andreas Henschel (D-TRUST), Atsushi Inaba (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (DigiCert), David Kluge (Google), Don Sheehy (WebTrust), Eusebio Herrera (Camerfirma), Inigo Barreira (Sectigo), Joanna Fox (TrustCor), Mads Henriksveen (BuyPass), Matthias Wiedenhorst (ACAB’c), Mauricio Fernandez (TeleTrust), Miguel Sanchez (Google), Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Patrycja Tulinska (PSW), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Sebastian Schulz (GlobalSign), Stefan Selbitschka (rundQuadrat), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Thomas Connelly (Federal PKI), Tim Crawford (WebTrust), Tsung-Min Kuo (Chunghwa Telecom), Wendy Brown (Federal PKI)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The Antitrust/Compliance Statement was read.

3. Review Agenda

4. Approval of minutes from last teleconference

The minutes of the September 15 teleconference were approved.

5. Discussion

A reminder was made of the informal poll on adoption of ECC. A link has been sent to the Management list, seeking Certificate Issuer feedback by October 8.

The declaration of participation of existing CABF member PrimeKey as an Interested Party member of SMCWG was confirmed.

Ben Wilson discussed the work of the NetSec subcommittee of the Server Cert WG. The NetSec requirements are referred to in several of the existing BRs and are likely to be included in the SMIME BR. Ben is polling feedback from members regarding the possibility of moving NetSec to become a WG in its own right. Stephen Davidson noted that some requirements were originally developed as part of the TLS BR -and lingering references to TLS sometimes complicated their being incorporated by reference in other standards. He supported the idea of some of these topics being pulled into separate documents. NetSec is one, audit might be another. The idea is that some WG would focus on cert types and others on CA topics. Ben clarified this would be a CABF ballot, requiring a WG charter, but is gaging enthusiasm at this time.

It was decided at the face-to-face that the WG would discuss the validity periods for the SMIME profiles. Some groups have proposed a default of 398 days, the gmail policy was set at 27 months, and 3 years appears to be the most common validity in use today. Any member with a position on this topic should contact Stephen, laying out the pros and cons of different proposals.

Discussion turned to the certificate profiles. Stephen noted that the WG has completed its drafting of the certificate profiles. He requested that Certificate Issuers to share these with their product and technical teams, as the next step will be to begin transforming these working papers into a draft SMIME BR.

It was noted that the approach to some fields, like OU and Pseudonym may change when we address the verification requirements, however the profiles are now considered stable.

https://docs.google.com/spreadsheets/d/1gEq-o4jU1FWvKBeMoncfmhAUemAgGuvVRSLQb7PedLU/edit#gid=0

6. Any Other Business

None

7. Next call

Next call: CABF Virtual F2F Oct 12-14, detailed agenda to follow

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).