CA/Browser Forum
Home » All CA/Browser Forum Posts » 2024-03-13 Minutes of the S/MIME Certificate Working Group

2024-03-13 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

March 13, 2024

These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Adriano Santoni - (Actalis S.p.A.), Andreas Henschel - (D-TRUST), Ashish Dhiman - (GlobalSign), Bruce Morton - (Entrust), Clint Wilson - (Apple), Dave Chin - (CPA Canada/WebTrust), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Judith Spencer - (CertiPath), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Morad Abou Nasser - (TeleTrust), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Rollin Yu - (TrustAsia), Sandy Balzer - (SwissSign), Scott Rea - (eMudhra), Stefan Selbitschka - (rundQuadrat), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Tathan Thacker - (IdenTrust), Wendy Brown - (US Federal PKI Management Authority)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.

3. Review Agenda

Minutes were prepared by Stephen Davidson.

4. Approval of minutes from last teleconference

The minutes for the teleconference of February 28 were approved.

The membership of DiSig in the SMCWG was confirmed.

5. Discussion

Stephen Davidson

Stephen Davidson provided an overview of the draft text of SMC06 clarifications and corrections ballot, including several new items relating to https://github.com/cabforum/smime/issues/236 and https://github.com/cabforum/smime/issues/237. Following discussion it was agreed that suspension be clarified as specifically as certificateHold. Adriano Santoni noted that it was unclear if suspension was even supported by email clients and perhaps should be considered for removal in future. See https://github.com/srdavidson/smime/compare/ed36440d7c967732aa08739b14cc29bed257a67d...246fab8b8880aa62cec95b6d055b872173d4dadf

Stephen encouraged members to use the Issues list at https://github.com/cabforum/smime/issues to submit topics for consideration.

Stephen noted that the ballot would soon move ahead with endorsers including Martijn Katerbarg of Sectigo and Roman Fischer of SwissSign.

The group had a discussion of SC ballots for relevance to the SMCWG, noting that if the MPV ballot is successful a review may be required for the S/MIME BR.

Stephen noted that the server certificate working group is working towards automatically distributing audio recordings of meetings to participants, which may be extended to the SMCWG as well. There was no objection.

Stephen noted that the group would soon discuss the possible deprecation of the Legacy profiles and again asked Certificate Issuers to review items that presented obstacles to moving to the Multipurpose or Strict profiles. He noted that there were concerns on the ability of ERAs to parse out giveName and surname as separate Subject attributes, and shorter certificate validity may be an issue for implementations using smartcards.

Stephen asked if using CCADB to poll Certificate Issuers regarding their S/MIME BR profiles would present a by-laws/anticompetitive issue?

6. Any Other Business

None

7. Next call

Next call: Wednesday, March 27, 2024 at 11:00 am Eastern Time

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).