CA/Browser Forum

2023-01-04 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

January 4, 2023

These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Andrea Holland – (SecureTrust), Andreas Henschel – (D-TRUST), Ashish Dhiman – (GlobalSign), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Chad Ehlers – (IdenTrust), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Dave Chin – (CPA Canada/WebTrust), Dean Coclin – (DigiCert), Don Sheehy – (CPA Canada/WebTrust), Enrico Entschew – (D-TRUST), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Judith Spencer – (CertiPath (Private Person)), Marco Schambach – (IdenTrust), Mrugesh Chandarana – (IdenTrust), Patrycja Tulinska – (PSW), Rebecca Kelley – (Apple), Renne Rodriguez – (Apple), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Tim Crawford – (CPA Canada/WebTrust), Tsung-Min Kuo – (Chunghwa Telecom)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The Antitrust/Compliance Statement was read.

3. Review Agenda

4. Approval of minutes from last teleconference

The minutes of the November 9, 2022 and December 7, 2022 teleconferences were approved.

5. Discussion

Stephen Davidson noticed that no IPR Exclusion Notices were filed, and the ballot is adopted as of January 01, 2023. The S/MIME BR become effective on September 01, 2023. He noted that the ballot (/ballots/s-mime-ballots/) and the Final Guideline (/working-groups/smime/documents/) are now on the CABF website and wiki.

Don Sheehy provided an update on the development of the WebTrust criteria for the S/MIME BR. He said that an advanced draft already existed, and that the WebTrust team would soon be meeting to review and approve a version 1. Don said he believed this would be available before the Ottawa F2F. He asked to verify when the WebTrust audits should commence; Stephen noted that the standard applied for audit periods after the effective date in September although CAs could voluntarily adopt it earlier.

Stephen noted that the required changes to the ETSI standards to implement the S/MIME BR are still under discussion, and invited the ACAB’c participants’ assistance.

Stephen also noted that another key element of the rollout of the S/MIME BR was the acceptance of the standard by the Cert Consumer root stores. Ben Wilson noted that Mozilla would soon commence the public discussion required to update their policy.

Stephen noted the previously distributed information regarding Corey Bonnell’s Internet-draft describing the use of CAA for email domains, as well as draft update text to introduce CAA to the S/MIME BR. Corey provided an update of the discussion occurring at IETF, noting that it had found support and he hoped there would be a formal call for adoption soon. Stephen encouraged WG members who are active in IETF to join that discussion. He also noted that a ballot to add CAA would probably set an effective date further in the future, as some S/MIME CAs that do not issue TLS may not have existing experience with CAA.

Stephen noted that Tadahiko Ito’s proposal to create a documentSigning EKU had been published as RFC 9336.

Stephen also noted that a draft update had been distributed for the keyUsage table for EdDSA which would be balloted in future. He encouraged anyone who sees errata in the document to submit them to the list.

6. Any Other Business

None

7. Next call

Next call: tentative Wednesday, January 18, 2023 at 11:00 am Eastern Time

Adjourned

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).