Minutes of SMCWG
January 4, 2023
These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
Andrea Holland – (SecureTrust), Andreas Henschel – (D-TRUST), Ashish Dhiman – (GlobalSign), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Dave Chin – (CPA Canada/WebTrust), Dean Coclin – (DigiCert), Don Sheehy – (CPA Canada/WebTrust), Enrico Entschew – (D-TRUST), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Judith Spencer – (CertiPath (Private Person)), Marco Schambach – (IdenTrust), Mrugesh Chandarana – (IdenTrust), Patrycja Tulinska – (PSW), Rebecca Kelley – (Apple), Renne Rodriguez – (Apple), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Tim Crawford – (CPA Canada/WebTrust), Tsung-Min Kuo – (Chunghwa Telecom)
1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
The Antitrust/Compliance Statement was read.
3. Review Agenda
4. Approval of minutes from last teleconference
The minutes of the November 9, 2022 and December 7, 2022 teleconferences were approved.
Stephen Davidson noticed that no IPR Exclusion Notices were filed, and the ballot is adopted as of January 01, 2023. The S/MIME BR become effective on September 01, 2023. He noted that the ballot (https://cabforum.org/ballots/s-mime-ballots/) and the Final Guideline (https://cabforum.org/smime-br/) are now on the CABF website and wiki.
Don Sheehy provided an update on the development of the WebTrust criteria for the S/MIME BR. He said that an advanced draft already existed, and that the WebTrust team would soon be meeting to review and approve a version 1. Don said he believed this would be available before the Ottawa F2F. He asked to verify when the WebTrust audits should commence; Stephen noted that the standard applied for audit periods after the effective date in September although CAs could voluntarily adopt it earlier.
Stephen noted that the required changes to the ETSI standards to implement the S/MIME BR are still under discussion, and invited the ACAB’c participants’ assistance.
Stephen also noted that another key element of the rollout of the S/MIME BR was the acceptance of the standard by the Cert Consumer root stores. Ben Wilson noted that Mozilla would soon commence the public discussion required to update their policy.
Stephen noted the previously distributed information regarding Corey Bonnell’s Internet-draft describing the use of CAA for email domains, as well as draft update text to introduce CAA to the S/MIME BR. Corey provided an update of the discussion occurring at IETF, noting that it had found support and he hoped there would be a formal call for adoption soon. Stephen encouraged WG members who are active in IETF to join that discussion. He also noted that a ballot to add CAA would probably set an effective date further in the future, as some S/MIME CAs that do not issue TLS may not have existing experience with CAA.
Stephen noted that Tadahiko Ito’s proposal to create a documentSigning EKU had been published as RFC 9336.
Stephen also noted that a draft update had been distributed for the keyUsage table for EdDSA which would be balloted in future. He encouraged anyone who sees errata in the document to submit them to the list.
6. Any Other Business
7. Next call
Next call: tentative Wednesday, January 18, 2023 at 11:00 am Eastern Time