CA/Browser Forum
Home » Posts » 2024-05-08 Minutes of the S/MIME Certificate Working Group

2024-05-08 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

May 8, 2024

These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Abhishek Bhat - (eMudhra), Adriano Santoni - (Actalis S.p.A.), Aggie Wang - (TrustAsia), Andrea Holland - (VikingCloud), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dimitris Zacharopoulos - (HARICA), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Janet Hines - (VikingCloud), Judith Spencer - (CertiPath), Keshava Nagaraju - (eMudhra), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Morad Abou Nasser - (TeleTrust), Mrugesh Chandarana - (IdenTrust), Nome Huang - (TrustAsia), Rebecca Kelly - (SSL.com), Renne Rodriguez - (Apple), Rollin Yu - (TrustAsia), Scott Rea - (eMudhra), Stefan Selbitschka - (rundQuadrat), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Tathan Thacker - (IdenTrust), Tsung-Min Kuo - (Chunghwa Telecom), Wendy Brown - (US Federal PKI Management Authority)

1. Roll Call

The Roll Call was taken.

2. Read Antitrust Statement

The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.

3. Review Agenda

Minutes were prepared by Stephen Davidson.

4. Approval of minutes from last teleconference

The minutes for the teleconference of April 24 were approved.

5. Discussion

Stephen Davidson noted that Ballot SMC06 was in IPR until May 11. See https://lists.cabforum.org/pipermail/smcwg-public/2024-April/000957.html.

The WG discussed and approved the change of KeyFactor from an Interested Party to an Associate Member, Ellie Schieder as an Interested Party, and Posteo e.K as a Certificate Consumer. The WG reviewed and discussed a ballot proposed by Martijn Katerbarg which would bring the S/MIME BR up to date with a recent ballot at the TLS BR for logging. See more at https://github.com/cabforum/smime/issues/241

The WG had an extensive discussion regarding the migration to Multipurpose/Strict profiles. Stephen noted that so far only two points had been raised by Certificate Issuers:

  • Having adequate time (such as one year) to allow ERAs using integration time to adapt.
  • Concerns relating to the impact of shorter validity on deployments using tokens/smartcards.

Judith Spencer and Wendy Brown commented that the shorter validity had real impact on large (including public sector) deployments that use tokens/smartcards, including:

  • limited storage on tokens/smartcards;
  • the increased burden of key exchange; and
  • and the costs of support for rekeying.

The question was raised whether it would be feasible to increase the validity for the Multipurpose profile to 1185 days in general, or in cases where tokens/smartcards are used. Clint Wilson spoke about the security and crypto agility benefits of shorter validity periods. It was agreed this topic would be continued in Bergamo.

6. Any Other Business

None.

7. Next call

Next call: the teleconference scheduled for May 22 has been cancelled. Next meeting is Bergamo F2F #60.

Adjourned

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed

Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates:

  • Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action;
  • Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and
  • Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).