CA/Browser Forum

2023-01-18 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

January 18, 2023

These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Andrea Holland – (SecureTrust), Ashish Dhiman – (GlobalSign), Ben Wilson – (Mozilla), Clint Wilson – (Apple), Corey Bonnell – (DigiCert), Dave Chin – (CPA Canada/WebTrust), Don Sheehy – (CPA Canada/WebTrust), Enrico Entschew – (D-TRUST), Inaba Atsushi – (GlobalSign), Inigo Barreira – (Sectigo), Jamie Mackey – (US Federal PKI Management Authority), Judith Spencer – (CertiPath (Private Person)), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Matthias Wiedenhorst – (ACAB Council), Morad Abou Nasser – (TeleTrust), Nome Huang – (TrustAsia Technologies, Inc.), Patrycja Tulinska – (PSW), Rebecca Kelley – (Apple), Renne Rodriguez – (Apple), Russ Housley – (Vigil Security LLC), Stefan Selbitschka – (rundQuadrat), Tadahiko Ito – (SECOM Trust Systems), Tim Crawford – (CPA Canada/WebTrust), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The Antitrust/Compliance Statement was read.

3. Review Agenda

4. Approval of minutes from last teleconference

The minutes of the January 4 teleconference were approved.

5. Discussion

Martijn Katerbarg chaired the meeting.

The WG discussed the proposed text written by Stephen Davidson to add CAA to the S/MIME BR. See this GitHub comparison.

Martijn noted that the text was quite complete other than the effective date. It was discussed that an effective date should be considered for 2024, in other words after the first effective date for the S/MIME BR v1.0.0. This would allow Certificate Issuers with no previous CAA experience adequate time to implement the standard.

WG members were invited to consider the text and to contribute to the IETF discussion regarding the CAA Internet-draft.

Ben Wilson noted that a discussion was being started to propose the addition of the S/MIME BR to Sections 2.3 and 3.1.2 of the Mozilla Root Store Policy. This would need to go through community discussion and review to talk about the Sept 1, 2023 adoption date and potentially a Sept 1, 2024 date by which all CAs would require eligible audits reported in CCADB.

Wendy Brown noted that the timetables described in the S/MIME BR may be sufficiently clear as it described audits being required “For Audit Periods starting after the Effective Date” for v.1.0.0.

Ben noted that the actual title of the TLS Baseline Requirements was obscure and that it would be easier for Certificate Consumers if the Server Certificate WG would update the title of that document to specifically reference TLS or Server Certificates.

Martijn asked if Mozilla would stipulate any requirements on ICAs that go beyond what is in the S/MIME BR. Ben noted that the overall trend was towards separating activity by EKU, and longer term this was encouraged even for roots.

Don Sheehy noted that WebTrust was meeting in the coming weeks to review the proposed criteria. Their goal was to make this available far in advance of the effective date to allow CAs to prepare or do self-assessments. Ben asked for an update of the ETSI regime. Inigo Barreira noted that Stephen Davidson and Dimitris Zacharopoulos were at the ETSI meeting this week where the topic was on the agenda.

6. Any Other Business

None

7. Next call

Next call: tentative Wednesday, February 1, 2023 at 11:00 am Eastern Time

Adjourned
