2026-06-03 Minutes of the S/MIME Certificate Working Group
Minutes of SMCWG
June 3, 2026
These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
Roll Call
Note well: Antitrust / Compliance Statement
Approval of past minutes
- May 20
Minutes were taken by Stephen Davidson.
Review Agenda
Membership
Discussion- Stephen Davidson noted the updated signatures were due from members for the CABF intellectual property agreement (communicated separately on the Forum mailing lists).
- Stephen also noted that CABF elections would take place in the autumn and reminded members interested in taking leadership roles in the woring groups to contact the Forum chair.
- Scott Rea provided details of the location for the upcoming CABF F2F in Vienna in September.
- Martijn Katerbarg presented an updated draft based upon the outcome of the discussion on May 20: https://github.com/cabforum/smime/pull/304. The notable changes were 1) the text relaxes requirement to cease issuance after the September 2027 to CAs using RSA keys smaller than 3072 bits (down from 4096), and 2) specified what certificates are impacted at that date (i.e., it applies to leaf/Subscriber certificates rather than cross-certificates or delegated OCSP responder certficates). The WG concurred with the change.
- It was noted that the SBR sometimes used curve448 versus Curve448. It was agreed to make the capitalization consistent.
- It was agreed that SMC017v2 would move to formal discussion.
Ballot Status Updates- In Development: Ballot SMC017v2: Increase Minimum RSA CA Key Size, Pseudonym
- In Discussion Period: NA
- In Voting Period: NA
- Under IPR Review: NA
- Approved and Effective: Ballot SMC016: Equivalence with Ballots SC096 and SC097 (May 5)
Next meeting:- Wednesday, June 17, 2026 at 11:00 am Eastern time
Any other business
Adjourn
Attendees:
Adriano Santoni (Actalis S.p.A.), Andrea Holland (IdenTrust), Andy Warner (Google), Arman Asemani (Apple), Ashish Dhiman (GlobalSign), Ben Wilson (Mozilla), Chya-Hung Tsai (TWCA), Dustin Hollenback (Apple), Guillaume Amringer (Carillon Information Security Inc.), Hazhar Ismail (MSC Trustgate Sdn Bhd), Inaba Atsushi (GlobalSign), Judith Spencer (CertiPath), Lilia Dubko (CPA Canada/WebTrust), Malcolm Idaho (IdenTrust), Martijn Katerbarg (Sectigo), Morad Abou Nasser (TeleTrust), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Pedro Fuentes (OISTE Foundation), Rollin Yu (TrustAsia), Russ Housley (Vigil Security LLC), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tim Crawford (CPA Canada/WebTrust), Wendy Brown (US Federal PKI Management Authority), Wiktoria Więckowska (Asseco Data Systems SA (Certum))