CA/Browser Forum
Home » Working Groups » S/MIME Cert WG

S/MIME Certificate Working Group


The CA/Browser Forum’s S/MIME Certificate Working Group (SMCWG) was chartered to work on requirements applicable to Certification Authorities that issue S/MIME digital certificates used to sign, verify, encrypt, and decrypt email. A primary deliverable will address:

  • Verification of control over email addresses
  • Key management and certificate lifecycle
  • Certificate profiles for S/MIME certificates and Issuing CA certificates
  • CA operational practices, physical/logical security, etc.

In addition, the SMCWG may also address identity validation for natural persons and legal entities in the context of S/MIME certificates.

The goal of the SMCWG is to provide a framework where “reasonable assurance” may be provided to senders and recipients of email messages that the party identified in an S/MIME Certificate has control of the domain or email address being asserted. A variation of this use case is where an individual or organization digitally signs email to establish its authenticity and source of origin.


Chair: Stephen Davidson (DigiCert)
Vice Chair: Martijn Katerbarg (Sectigo)
Past officers: Mads Egil Henriksveen (Buypass, Vice Chair 2020-2022)


S/MIME Certificate Working Group Charter


SMC WG Ballots

Membership Requirements

There are four membership categories in the S/MIME Certificate Working Group:

  • Certificate Issuers: Certification Authorities that issue publicly trusted S/MIME certificates treated as valid by a Certificate Consumer Member. This group can attend all meetings and vote in the working group.
  • Certificate Consumers: Entities that produce and maintain a mail user agent (web-based or application based) or operate an email service provider that processes S/MIME certificates. This group can attend all meetings and vote in the working group.
  • Interested Parties: Anyone that has an interest in participating in the working group. This group can attend all telephone meetings but cannot vote. They may be invited to face to face meetings by the Chair.
  • Associate Members: Organizations that add value to the working group as determined by the group. Traditionally these have been organizations such as WebTrust, ETSI, Federal PKI, and ICANN (see: /about/membership/associate-members/). This category also includes organizations that intend to be in categories 1 or 2 but have not completed all the required steps. This group can attend all meetings but cannot vote.

In all categories, the CA/Browser Forum by-laws require members to execute and submit the IPR Agreement (See: ).

How to Join the SMCWG

The CA/Browser Forum welcomes new applicants with an interest in S/MIME for membership in the SMCWG. There is no cost to join. New applicants should provide the following information by email to

  1. Category under which the applicant wishes to apply to the SMCWG
  2. Organization name
  3. URL of the applicant’s main Web site
  4. Completed IPR Agreement
  5. Names and email addresses of designated representatives who will participate (identifying a voting representative)
  6. Emergency contact information for security issues related to certificate trust
  7. Certificate Issuers must supply the following additional information:
    • URL of the current qualifying audit report
    • Links or references to issued end-entity certificates that demonstrate them being treated as valid by a Certificate Consumer Member

Mailing List

In addition, the S/MIME Certificate Working Group provides a public mailing list. To subscribe, see the Google Groups SMCWG-Public list


Root Certificate Issuer

  • AC Camerfirma SA
  • Actalis S.p.A.
  • Asseco Data Systems SA (Certum)
  • Buypass AS
  • CFCA
  • Chunghwa Telecom
  • Comsign
  • eMudhra
  • Entrust
  • GDCA
  • TrustAsia
  • GlobalSign
  • GlobalTrust
  • iTrusChina
  • OISTE Foundation
  • Sectigo
  • SSC
  • SwissSign
  • Telia Company
  • TrustCor Systems
  • TWCA
  • IdenTrust
  • Disig
  • MSC Trustgate Sdn Bhd
  • AC Firmaprofessional SA
  • DigiCert
  • Visa
  • VikingCloud
  • SECOM Trust Systems

Certificate Issuer

  • Logius PKIoverheid

Certificate Consumer

  • Apple
  • Google
  • Microsoft
  • Mozilla
  • Mozilla/Thunderbird
  • Zertificon
  • rundQuadrat
  • Posteo e.K.

Associate Member

  • Keyfactor
  • ACAB Council
  • CPA Canada/WebTrust
  • US Federal PKI Management Authority
  • Zone Media
  • tScheme
  • CertiPath

Interested Party

  • Arno Fiedler
  • KPMG Korea
  • PSW
  • TeleTrust
  • Vigil Security LLC
  • Nathalie Weiler (Private Person)
  • Ellie Schieder (Private Person)
  • Maria Merkel (Private Person)
Latest releases
Code Signing Requirements
v3.7 - Mar 4, 2024

S/MIME Requirements
v1.0.5 - Ballot SMC07 - Jul 15, 2024

Ballot SMC07: Align Logging Requirement and Key Escrow clarification

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).