<div dir="ltr">The intent, stated in London, Cupertino, and Shanghai, is that much like other Subject information in leaf certificates does not have explicit guidelines (other than the CA validates), that the same approach would be valid for S/MIME</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 7, 2020 at 2:46 AM Adriano Santoni via Public <<a href="mailto:public@cabforum.org">public@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div>
    <p>I would still prefer identity information (natural person or
      legal entity, or both: natural person affiliated to a legal
      entity) to be expressly included in the WG scope since the
      beginning. Of course this makes the WG task (that of producing
      "S/MIME baseline requirements") harder and longer, but it would
      reflect current practice. On the other hand, it's not clear to me
      what the implications would be if S/MIME baseline requirements
      were approved and published, should they not cover the inclusion
      of identity information in S/MIME certificates. Would that imply,
      once Root Programs adopted such S/MIME BRs, that those CAs issuing
      S/MIME certs with identity information in them are mis-issuing?</p>
    Adriano
    <p><br>
    </p>
    <div>On 06/02/2020 19:31, Wayne Thayer via
      Public wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div>Thanks Dimitris.<br>
        </div>
        <br>
        <div class="gmail_quote">
          <div dir="ltr" class="gmail_attr">On Wed, Feb 5, 2020 at 11:09
            PM Dimitris Zacharopoulos (HARICA) via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>>
            wrote:<br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
            <div> Tim, Wayne, Adriano,<br>
              <br>
              Apple made a contribution and although HARICA disagrees
              with most of the recommended changes I believe there
              should be some discussion around that. </div>
          </blockquote>
          <div><br>
          </div>
          <div>Agree. It's not in anyone's interests, nor do I believe
            that the intent was to ignore input unrelated to the
            identity issue. We should discuss it now to allow members to
            decide for themselves if the suggestions are important
            enough to warrant voting against this ballot, or if the
            ballot is good enough to ratify as-is.<br>
          </div>
          <div> <br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
            <div>Unfortunately, although I had started working on a
              response, I didn't have time to complete it on time. I was
              hoping to see some comments/responses from the proposer
              and endorsers before the voting period began.<br>
              <br>
              For what it's worth, here is a list of my comments
              (attached). My biggest concern is the Certificate Consumer
              members that qualify based on "mail transfer agent". I
              would certainly like some more information about that
              before HARICA votes. Other than that, the charter looks
              good to me.<br>
              <br>
            </div>
          </blockquote>
          <div><br>
          </div>
          <div>The section in question is:</div>
          <div><br>
          </div>
          <div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-m_600136628096943980gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">(2) A Certificate Consumer eligible for voting membership in the SMCWG must produce a develop and maintain a mail user agent (web-based or application based), mail transfer agent, or email service provider that processes S/MIME certificates issued by third-party Certificate Issuers who meet criteria set by such Certificate Consumer.</span></div>
          <div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-m_600136628096943980gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">
</span></div>
          <div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-m_600136628096943980gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">The inclusion of "mail transfer agents" as eligible participants doesn't appear harmful to me, but I also agree with Clint's comment that "The role of a mail transfer agent in consuming S/MIME certificates is unclear."</span></div>
          <div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-m_600136628096943980gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">
</span></div>
          <div><span style="font-size:10.5pt;font-family:"Quattrocento Sans",sans-serif;color:rgb(36,41,46);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap" id="gmail-m_600136628096943980gmail-docs-internal-guid-81c39c28-7fff-6963-3f63-b061fdb7a295">Tim or Ben: this was part of the draft Ben proposed over a year ago. Do you have any information on why this was included?
</span></div>
          <div><br>
          </div>
          <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
            <div> <br>
              Best regards,<br>
              Dimitris.<br>
              <br>
              <br>
              <br>
              <div>On 2020-02-06 12:45 AM, Wayne Thayer via Public
                wrote:<br>
              </div>
              <blockquote type="cite">
                <div dir="ltr">
                  <div>Based on my recollection of the Guangzhou
                    discussion, and supported by the minutes, the "path
                    forward agreed to in Guangzhou" was that we would
                    take this charter to a ballot without further
                    attempts to resolve the issue of including identity
                    in the charter's scope. There does not appear to be
                    a path to consensus on this issue, despite the
                    considerable amount of time spent discussing it. I'm
                    unhappy with this approach, but as one of the
                    endorsers, I don't see an alternative other than
                    "take it to a vote" that gets this much-needed WG
                    formed any time soon.</div>
                  <div><br>
                  </div>
                  <div>- Wayne<br>
                  </div>
                </div>
                <br>
                <div class="gmail_quote">
                  <div dir="ltr" class="gmail_attr">On Wed, Feb 5, 2020
                    at 3:22 PM Ryan Sleevi via Public <<a href="mailto:public@cabforum.org" target="_blank">public@cabforum.org</a>>
                    wrote:<br>
                  </div>
                  <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
                    <div dir="ltr">
                      <div>
                        <div>Hi Tim,<br>
                        </div>
                      </div>
                      <div><br>
                      </div>
                      <div>Could you point to where that's reflected in
                        the minutes? Our understanding here at Google is
                        that Apple's proposed changes, which we support
                        and would be unable to participate without
                        incorporating, is that it accurately and
                        correctly reflects the discussions in London
                        [1], reiterated in Cupertino [2], and agreed
                        upon in Thessaloniki [3]. It appears that,
                        following that, the proposers of that ballot
                        ignored that consensus and conclusion, and yet
                        the discussion of Guangzhou [4] does not
                        indicate there was consensus to do so.</div>
                      <div><br>
                      </div>
                      <div>I'm hoping we've just overlooked something in
                        the minutes, but Apple's proposed changes seem
                        eminently reasonable, and a worthwhile path to
                        drafting requirements that consuming software,
                        such as mail clients (both native and Web), can
                        use and consume as part of their root programs,
                        as an alternative to their root-program-specific
                        requirements.</div>
                      <div><br>
                      </div>
                      <div>[1] <a href="https://cabforum.org/2018/06/06/minutes-for-ca-browser-forum-f2f-meeting-44-london-6-7-june-2018/#New-SMIME-Working-Group-Charter" target="_blank">https://cabforum.org/2018/06/06/minutes-for-ca-browser-forum-f2f-meeting-44-london-6-7-june-2018/#New-SMIME-Working-Group-Charter</a></div>
                      <div>[2] <a href="https://cabforum.org/2019/05/03/minutes-for-ca-browser-forum-f2f-meeting-46-cupertino-12-14-march-2019/#Creation-of-additional-Working-Groups---Secure-Mail" target="_blank">https://cabforum.org/2019/05/03/minutes-for-ca-browser-forum-f2f-meeting-46-cupertino-12-14-march-2019/#Creation-of-additional-Working-Groups---Secure-Mail</a></div>
                      <div>"<span>Dean – We have a blank slate here and
                          it seems the reluctance was to make it a
                          narrow scope and then focus on either one
                          aspect of SMIME. First task might be how to
                          validate an email, and then focus on identity
                          validation. Some comments were to make the
                          chart narrow to focus on one task while others
                          say to include all proposed tasks to not have
                          to recharter which has caused issues in the
                          past."</span></div>
                      <div>[3] <a href="https://cabforum.org/2019/08/16/minutes-for-ca-browser-forum-f2f-meeting-47-thessaloniki-12-13-june-2019/#Creation-of-Additional-Groups---Secure-Mail" target="_blank">https://cabforum.org/2019/08/16/minutes-for-ca-browser-forum-f2f-meeting-47-thessaloniki-12-13-june-2019/#Creation-of-Additional-Groups---Secure-Mail</a><br>
                      </div>
                      <div>"<span>Eventually, all parties in the
                          conversation came to the conclusion that it
                          would behoove the Forum to scope the working
                          group charter to domain validation, first,
                          before adding other functionality once that
                          portion was locked-down."</span></div>
                      <div><span>[4] </span><a href="https://cabforum.org/2019/12/12/minutes-for-ca-browser-forum-f2f-meeting-48-guangzhou-5-7-november-2019/#Creation-of-Additional-Groups---Secure-Mail" target="_blank">https://cabforum.org/2019/12/12/minutes-for-ca-browser-forum-f2f-meeting-48-guangzhou-5-7-november-2019/#Creation-of-Additional-Groups---Secure-Mail</a></div>
                      <div><span><br>
                        </span></div>
                      <div><span><br>
                        </span></div>
                    </div>
                    _______________________________________________<br>
                    Public mailing list<br>
                    <a href="mailto:Public@cabforum.org" target="_blank">Public@cabforum.org</a><br>
                    <a href="https://cabforum.org/mailman/listinfo/public" rel="noreferrer" target="_blank">https://cabforum.org/mailman/listinfo/public</a><br>
                  </blockquote>
                </div>
                <br>
              </blockquote>
              <br>
            </div>
          </blockquote>
        </div>
      </div>
      <br>
    </blockquote>
  </div>

</blockquote></div>