CA/Browser Forum

2024-11-06 Minutes of the S/MIME Certificate Working Group

Minutes of SMCWG

November 6, 2024

These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.

Attendees

Andrea Holland (VikingCloud), Andreas Henschel (D-TRUST), Andy Warner (Google), Ben Wilson (Mozilla), Bruce Morton (Entrust), Clint Wilson (Apple), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Judith Spencer (CertiPath), Luis Cervantes (SSL.com), Malcolm Idaho (IdenTrust), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nome Huang (TrustAsia), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Rebecca Kelly (SSL.com), Renne Rodriguez (Apple), Rollin Yu (TrustAsia), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Stefan Selbitschka (rundQuadrat), Stephen Davidson (DigiCert), Thomas Zermeno (SSL.com)

1. Roll Call

2. Read Antitrust Statement

The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.

3. Review Agenda

Minutes were prepared by Stephen Davidson.

4. Approval of minutes from last teleconference

The minutes for the teleconference of October 10 (F2F #63) and October 23 were approved.

5. Discussion

Stephen Davidson noted that SMC09 was in through November 22.

Stephen noted that after lengthy dialogue in writing the ballot, the formal discussion period for SMC010 for MPIC would be from November 7-14, with the ballot endorsed by GlobalSign and Google.

The WG discussed Issue #259 https://github.com/cabforum/smime/issues/259 and agreed that the text should be amended to allow reuse of DCV for the method described in Section 3.2.2.3.

The WG discussed whether a separate method should be introduced in 3.2 to describe ACME for S/MIME https://datatracker.ietf.org/doc/rfc8823/ (issue #3). Stephen noted that there was desire to accommodate automation of email control, which may become important as the Server Cert WG revisits DCV methods in the TLS BR.

The WG walked through the operation of RFC 8823 validation. Stephen noted that the existing Section 3.2.2.2 text referred to a Random Value being distributed by email to the box, while the functions of RFC 8823 use a combination of email and SMTP. He noted that he was aware of third-party certificate lifecycle tools that supported RFC 8823 and asked if public trust issuers supported it.

Stephen noted that, if the WG viewed it as an important option, either the text in 3.2.2.3 should be broadened, or a new method 3.2.24 should be written for RFC 8823.

Andy Warner and Paul van Brouwershaven noted there was sometimes a wagon and horse issue and there was merit in describing new automation methods, noting that the TLS BR also added and removed them over time.

Stephen asked if issuers or consumers knew of other email domain automation options that should be described in the S/MIME BR.

6. Any Other Business

The WG discussed a PR https://github.com/cabforum/smime/pull/261 submitted by Bruce Morton to allow the use of QIIS/Reliable Data Source to obtain 1) phone or address information for a Subject which may not be available in government records and 2) to validate DBA names if they are drawn by the QIIS/Reliable Data Source from Government records. The discussion will continue.

7. Next call

Next call: Wednesday, November 20, 2024 at 11:00 am Eastern Time

Adjourned
