CA/Browser Forum

2024-03-13 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

March 13, 2024

These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Adriano Santoni - (Actalis S.p.A.), Andreas Henschel - (D-TRUST), Ashish Dhiman - (GlobalSign), Bruce Morton - (Entrust), Clint Wilson - (Apple), Dave Chin - (CPA Canada/WebTrust), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Judith Spencer - (CertiPath), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Morad Abou Nasser - (TeleTrust), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Rollin Yu - (TrustAsia), Sandy Balzer - (SwissSign), Scott Rea - (eMudhra), Stefan Selbitschka - (rundQuadrat), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Tathan Thacker - (IdenTrust), Wendy Brown - (US Federal PKI Management Authority)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.

3. Review Agenda

Minutes were prepared by Stephen Davidson.

4. Approval of minutes from last teleconference

The minutes for the teleconference of February 28 were approved.

The membership of DiSig in the SMCWG was confirmed.

5. Discussion

Stephen Davidson

Stephen Davidson provided an overview of the draft text of the SMC06 clarifications and corrections ballot, including several new items relating to https://github.com/cabforum/smime/issues/236 and https://github.com/cabforum/smime/issues/237. Following discussion, it was agreed that suspension be clarified specifically as certificateHold. Adriano Santoni noted that it was unclear whether suspension was even supported by email clients and that it perhaps should be considered for removal in future. See https://github.com/srdavidson/smime/compare/ed36440d7c967732aa08739b14cc29bed257a67d...246fab8b8880aa62cec95b6d055b872173d4dadf

Stephen encouraged members to use the Issues list at https://github.com/cabforum/smime/issues to submit topics for consideration.

Stephen noted that the ballot would soon move ahead with endorsers including Martijn Katerbarg of Sectigo and Roman Fischer of SwissSign.

The group had a discussion of SC ballots for relevance to the SMCWG, noting that if the MPV ballot is successful a review may be required for the S/MIME BR.

Stephen noted that the server certificate working group is working towards automatically distributing audio recordings of meetings to participants, which may be extended to the SMCWG as well. There was no objection.

Stephen noted that the group would soon discuss the possible deprecation of the Legacy profiles and again asked Certificate Issuers to review items that presented obstacles to moving to the Multipurpose or Strict profiles. He noted that there were concerns about the ability of ERAs to parse out givenName and surname as separate Subject attributes, and that shorter certificate validity may be an issue for implementations using smartcards.

Stephen asked whether using CCADB to poll Certificate Issuers regarding their S/MIME BR profiles would present a by-laws/anticompetitive issue.

6. Any Other Business

None

7. Next call

Next call: Wednesday, March 27, 2024 at 11:00 am Eastern Time

Adjourned
