
2023-03-15 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

March 15, 2023

These are the Approved Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Adrian Mueller (SwissSign), Andrea Holland (VikingCloud), Andreas Henschel (D-TRUST), Ashish Dhiman (GlobalSign), Ben Wilson (Mozilla), Bruce Morton (Entrust), Chad Ehlers (IdenTrust), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dave Chin (CPA Canada/WebTrust), Dimitris Zacharopoulos (HARICA), Don Sheehy (CPA Canada/WebTrust), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Judith Spencer (CertiPath), Martijn Katerbarg (Sectigo), Morad Abou Nasser (TeleTrust), Mrugesh Chandarana (IdenTrust), Nome Huang (TrustAsia Technologies, Inc.), Patrycja Tulinska (PSW), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Rebecca Kelley (Apple), Renne Rodriguez (Apple), Rollin Yu (TrustAsia Technologies, Inc.), Stefan Selbitschka (rundQuadrat)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The Antitrust/Compliance Statement was read.

3. Review Agenda

Minutes were prepared by Stephen Davidson.

4. Approval of minutes from last teleconference

The minutes from the March 1 F2F are to be distributed.

5. Discussion

Martijn Katerbarg noted a question raised by Christophe Bonjean relating to the use of the Pseudonym in the Legacy profile, as described in the SMCWG public archive.

Corey Bonnell clarified that the note 7.1.4.2.6 allows CAs to omit the specific attributes in the Subject and instead include the same content that would otherwise have been used in those attributes in the subject:commonName alone. In other words, a Pseudonym may be used in the CN but only if verified in accordance with the requirements of SBR Section 3.1.3 (Anonymity or pseudonymity of subscribers).

  1. Legacy Generation profiles MAY omit the subject:givenName, subject:surname, and subject:pseudonym attributes and include only the subject:commonName as described in Section 7.1.4.2.2(a).

Adrian Mueller commented that a Pseudonym used in the CN without the corresponding subject:pseudonym attribute could be confused as being a real name. He noted that in some Swiss profiles, Pseudonyms in the commonName would be prefixed by a “PSEUDO:” tag.

The discussion of the use of QIIS raised in the SMCWG public archive was tabled for a future discussion.

Dimitris Zacharopoulos provided an update that the ETSI ESI group is working on a proposed ETSI TS 119 411-6 to make the S/MIME BR auditable under the ETSI regime. He noted that the intent was to have a 1-to-1 mapping of the cert policy OIDs.

Martijn raised the discussion that the WG would seek to move an erratum ballot in the near future and sought feedback from members on other items that might be included, and possible endorsers. A draft of the changes may be seen at SMIME Erratum Ballot Draft Changes.

Corey subsequently noted that the subsection numbering in section 4.9.1.1 might be aligned with the TLS BR. (This is, in effect, a style change. There are currently several sets of numbered bullets that restart at 1 in the SBR while the TLS BR continues the numbering across the sets).

6. Any Other Business

None

7. Next call

Next call: Wednesday, March 29, 2023 at 11:00 am Eastern Time

Adjourned
