CA/Browser Forum
Home » Working Groups » S/MIME Cert WG

S/MIME Certificate Working Group

About

The CA/Browser Forum’s S/MIME Certificate Working Group (SMCWG) was chartered to work on requirements applicable to Certification Authorities that issue S/MIME digital certificates used to sign, verify, encrypt, and decrypt email. A primary deliverable will address:

  • Verification of control over email addresses
  • Key management and certificate lifecycle
  • Certificate profiles for S/MIME certificates and Issuing CA certificates
  • CA operational practices, physical/logical security, etc.

In addition, the SMCWG may also address identity validation for natural persons and legal entities in the context of S/MIME certificates.

The goal of the SMCWG is to provide a framework where “reasonable assurance” may be provided to senders and recipients of email messages that the party identified in an S/MIME Certificate has control of the domain or email address being asserted. A variation of this use case is where an individual or organization digitally signs email to establish its authenticity and source of origin.

Officers

Chair: Stephen Davidson (DigiCert)
Vice Chair: Martijn Katerbarg (Sectigo)
Past officers: Mads Egil Henriksveen (Buypass, Vice Chair 2020-2022)

Charter

S/MIME Certificate Working Group Charter

Ballots

SMC WG Ballots

Membership Requirements

There are four membership categories in the S/MIME Certificate Working Group:

  • Certificate Issuers: Certification Authorities that issue publicly trusted S/MIME certificates treated as valid by a Certificate Consumer Member. This group can attend all meetings and vote in the working group.
  • Certificate Consumers: Entities that produce and maintain a mail user agent (web-based or application based) or operate an email service provider that processes S/MIME certificates. This group can attend all meetings and vote in the working group.
  • Interested Parties: Anyone that has an interest in participating in the working group. This group can attend all telephone meetings but cannot vote. They may be invited to face to face meetings by the Chair.
  • Associate Members: Organizations that add value to the working group as determined by the group. Traditionally these have been organizations such as WebTrust, ETSI, Federal PKI, and ICANN (see: /about/membership/associate-members/). This category also includes organizations that intend to be in categories 1 or 2 but have not completed all the required steps. This group can attend all meetings but cannot vote.

In all categories, the CA/Browser Forum by-laws require members to execute and submit the IPR Agreement (See: ).

How to Join the SMCWG

The CA/Browser Forum welcomes new applicants with an interest in S/MIME for membership in the SMCWG. There is no cost to join. New applicants should provide the following information by email to questions@cabforum.org:

  1. Category under which the applicant wishes to apply to the SMCWG
  2. Organization name
  3. URL of the applicant’s main Web site
  4. Completed IPR Agreement
  5. Names and email addresses of designated representatives who will participate (identifying a voting representative)
  6. Emergency contact information for security issues related to certificate trust
  7. Certificate Issuers must supply the following additional information:
    • URL of the current qualifying audit report
    • Links or references to issued end-entity certificates that demonstrate them being treated as valid by a Certificate Consumer Member

Mailing List

In addition, the S/MIME Certificate Working Group provides a public mailing list. To subscribe, see the Google Groups SMCWG-Public list

Members

Certification Authorities

  • AC Camerfirma SA
  • AC Firmaprofessional SA
  • Actalis S.p.A.
  • Asseco Data Systems SA (Certum)
  • Buypass AS
  • Carillon Information Security Inc.
  • CFCA
  • Chunghwa Telecom
  • Comsign
  • DigiCert
  • Disig
  • D-TRUST
  • eMudhra
  • Entrust
  • GDCA
  • GlobalSign
  • GlobalTrust
  • HARICA
  • IdenTrust
  • iTrusChina
  • MSC Trustgate Sdn Bhd
  • OISTE Foundation
  • SECOM Trust Systems
  • Sectigo
  • SHECA
  • SSC
  • SSL.com
  • SwissSign
  • Telia Company
  • TrustAsia
  • TWCA
  • VikingCloud
  • Visa

Certificate Consumers

  • Apple
  • Google
  • Microsoft
  • Mozilla/Thunderbird
  • Posteo e.K.
  • rundQuadrat
  • Zertificon

Associates

  • ACAB Council
  • CertiPath
  • CPA Canada/WebTrust
  • Keyfactor
  • tScheme
  • US Federal PKI Management Authority
  • Zone Media

Interested Parties

  • Arno Fiedler
  • Ellie Schieder (Private Person)
  • KPMG Korea
  • Maria Merkel (Private Person)
  • Nathalie Weiler (Private Person)
  • PSW
  • TeleTrust
  • Vigil Security LLC
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).