CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot SMC013: Enable PQC Algorithms for S/MIME

Ballot SMC013: Enable PQC Algorithms for S/MIME

Ballot SMC013: Enable PQC Algorithms for S/MIME

Summary:

This ballot introduces specifications for the use of two post-quantum cryptography (PQC) algorithms, as standardized by the U.S. National Institute of Standards and Technology (NIST), in the S/MIME BR:

  • ML-DSA, or Module-Lattice-Based Digital Signature Algorithm, a digital signature scheme; and

  • ML-KEM, or Module-Lattice-Based Key-Encapsulation Mechanism, a key encapsulation mechanism.

The ballot specifies single-key/non-hybrid PQC certificates that do not rely upon pre-quantum algorithms.

The ballot is intended to enable experimentation by Certificate Issuers with PQC certificates; noting that additional requirements on the use of PQC may be imposed by Root programs.

This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Andreas Henschel (D-Trust) and Martijn Katerbarg (Sectigo).

— Motion Begins —

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”), based on Version 1.0.10.

https://github.com/cabforum/smime/compare/59687c5e3835f889cdbb0ff0f0a24cfffc684084...0ba137373f1c7cb1ac52981b6b155ffd1be52267

— Motion Ends —

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion (at least 7 days)

  • Start time: July 2, 2025 at 18:00:00 UTC
  • End time: July 11, 2025 at 18:00:00 UTC
Latest releases
Server Certificate Requirements
SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods - May 21, 2025

BR v2.1.5

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.10 - Ballot SMC012 - Jul 2, 2025

Introduces a new method for validation of mailbox control, using ACME for S/MIME as defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates.

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).