The CA/Browser Forum’s S/MIME Certificate Working Group (SMCWG) was chartered to work on requirements applicable to Certification Authorities that issue S/MIME digital certificates used to sign, verify, encrypt, and decrypt email. A primary deliverable will address:
- Verification of control over email addresses
- Key management and certificate lifecycle
- Certificate profiles for S/MIME certificates and Issuing CA certificates
- CA operational practices, physical/logical security, etc.
In addition, the SMCWG may also address identity validation for natural persons and legal entities in the context of S/MIME certificates.
The goal of the SMCWG is to provide a framework where “reasonable assurance” may be provided to senders and recipients of email messages that the party identified in an S/MIME Certificate has control of the domain or email address being asserted. A variation of this use case is where an individual or organization digitally signs email to establish its authenticity and source of origin.
There are four membership categories in the S/MIME Certificate Working Group:
- Certificate Issuers: Certification Authorities that issue publicly trusted S/MIME certificates treated as valid by a Certificate Consumer Member. This group can attend all meetings and vote in the working group.
- Certificate Consumers: Entities that produce and maintain a mail user agent (web-based or application based) or operate an email service provider that processes S/MIME certificates. This group can attend all meetings and vote in the working group.
- Interested Parties: Anyone that has an interest in participating in the working group. This group can attend all telephone meetings but cannot vote. They may be invited to face to face meetings by the Chair.
- Associate Members: Organizations that add value to the working group as determined by the group. Traditionally these have been organizations such as WebTrust, ETSI, Federal PKI, and ICANN (see: /about/membership/associate-members/). This category also includes organizations that intend to be in categories 1 or 2 but have not completed all the required steps. This group can attend all meetings but cannot vote.
In all categories, the CA/Browser Forum by-laws require members to execute and submit the IPR Agreement (See: ).
The CA/Browser Forum welcomes new applicants with an interest in S/MIME for membership in the SMCWG. There is no cost to join. New applicants should provide the following information by email to firstname.lastname@example.org:
- Category under which the applicant wishes to apply to the SMCWG
- Organization name
- URL of the applicant’s main Web site
- Completed IPR Agreement
- Names and email addresses of designated representatives who will participate (identifying a voting representative)
- Emergency contact information for security issues related to certificate trust
- Certificate Issuers must supply the following additional information:
- URL of the current qualifying audit report
- Links or references to issued end-entity certificates that demonstrate them being treated as valid by a Certificate Consumer Member
In addition, the S/MIME Certificate Working Group provides a public mailing list. To subscribe, see: /mailman/listinfo/smcwg-public
Root Certificate Issuer
- AC Camerfirma SA
- Actalis S.p.A.
- Asseco Data Systems SA (Certum)
- Buypass AS
- Chunghwa Telecom
- OISTE Foundation
- SECOM Trust Systems
- Telia Company
- TrustCor Systems
- MSC Trustgate Sdn Bhd
- AC Firmaprofessional SA
- Logius PKIoverheid
- ACAB Council
- CPA Canada/WebTrust
- US Federal PKI Management Authority
- Zone Media
- Arno Fiedler
- KPMG Korea
- Vigil Security LLC
- Nathalie Weiler (Private Person)
- Maria Merkel