CA/Browser Forum
Home » All CA/Browser Forum Posts » 2023-12-06 Minutes of the S/MIME Certificate Working Group

2023-12-06 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

December 6, 2023

These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Adrian Mueller – (SwissSign), Alison Wang – (TrustAsia), Andrea Holland – (VikingCloud), Andreas Henschel – (D-TRUST), Ashish Dhiman – (GlobalSign), Ben Wilson – (Mozilla), Bruce Morton – (Entrust), Cade Cairns – (Google), Christophe Bonjean – (GlobalSign), Corey Bonnell – (DigiCert), Dimitris Zacharopoulos – (HARICA), Don Sheehy – (CPA Canada/WebTrust), Inaba Atsushi – (GlobalSign), Marco Schambach – (IdenTrust), Martijn Katerbarg – (Sectigo), Mrugesh Chandarana – (IdenTrust), Nome Huang – (TrustAsia), Rebecca Kelley – (Apple), Renne Rodriguez – (Apple), Rollin Yu – (TrustAsia), Russ Housley – (Vigil Security LLC), Stephen Davidson – (DigiCert), Tadahiko Ito – (SECOM Trust Systems), Thomas Zermeno – (SSL.com), Tim Hollebeek – (DigiCert), Tsung-Min Kuo – (Chunghwa Telecom), Wendy Brown – (US Federal PKI Management Authority)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.

3. Review Agenda

Minutes were prepared by Stephen Davidson.

4. Approval of minutes from last teleconference

The minutes for the teleconference of November 15 were approved.

5. Discussion

Stephen Davidson confirmed that Ballot SMC04 was scheduled to conclude IPR review on December 8 and no comments had so far been received.

Stephen walked through the draft text of a ballot to introduce CAA for SMIME, which may be seen at https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b…c432153a4375fbfa59bd3a75fd55e915b2f31938

He noted that he’d received good feedback from Cade Cairns and others, and welcomed comments on the text as the plan is to move to ballot in January. The ballot will be proposed by Corey Bonnell. Ben Wilson offered to be an endorser.

Stephen noted that there was a proposal to change the location of CAA info in the TLS BR and that he hoped the groups would maintain consistency.

It was agreed to set adoption as a SHOULD starting on Sept 15 2024 and a SHALL starting on March 15 2025. He noted that CAs should be contacting vendors or engineering teams about those dates.

The WG discussed the Sponsor Legacy profile, in particular if the standard should be made more specific to ensure that the subject is a human user, not an unattended mailbox or device (which were intended to use the Mailbox or Org-validated profiles). Stephen noted the Sponsor Legacy was intended to be a flexible profile to assist in moving the S/MIME universe into the auditable environment of the S/MIME BR.

He said the WG had the choice to tighten the Legacy profiles, which implied them being around for a long while, or to focus attention on implementation issues that prevented movement to the Multipurpose or Strict profiles. He asked CAs to provide feedback from their implementation, noting that he understood that ERAs may have difficulty providing givenName and surname as separate fields rather than the just the complete name as a CN. Tim Hollebeek commented this may be a dominant issue for ERAs that might otherwise move to the Multipurpose profile.

Ben said that for now the WG should retain the flexibility of the Legacy profiles with clarifications if required but that it was important to gather data to inform the improvement of the standard as well as the eventual deprecation of the Legacy.

Martijn Katerbarg proposed improvement to Section 1.2 describing Mailbox profiles as the current text might be understood to ban the CN, which was not intended.

6. Any Other Business

None

7. Next call

Next call: Wednesday, December 20, 2023 at 11:00 am Eastern Time

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).