[Smcwg-public] CAA for S/MIME

[Stephen Davidson]

Thanks Bruce.  That section is planned to be deleted.

https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecad
acd4d72b...c8b0c9ff9fa28c2c7abeb2871aaa2d60a19842ed

 

I can certainly move the content to 3.2.2.4 but I see that the TLS BR are
considering gathering their the CAA information in 3.2.2.8 which may be
confusing for CAs?

 

The use of 4.2 would allow consistency across the two docs.

 

 

 

From: Bruce Morton <Bruce.Morton at entrust.com> 
Sent: Wednesday, December 6, 2023 9:09 PM
To: Stephen Davidson <Stephen.Davidson at digicert.com>; SMIME Certificate
Working Group <smcwg-public at cabforum.org>
Subject: RE: CAA for S/MIME

 

I think we need to fix this section:

 

3.2.2.4 CAA records

This version of the S/MIME Baseline Requirements does not require the CA to
check for CAA records. The CAA property tags for `issue`, `issuewild`, and
`iodef` as specified in [RFC
8659](https://datatracker.ietf.org/doc/html/rfc8659) are not recognized for
the issuance of S/MIME Certificates.

 

I would really like to add all CAA requirements to section 3.2.2.4, since it
is called CAA records. This would be in line with this TLS BR comment
https://github.com/cabforum/servercert/issues/466.

 

 

Thanks, Bruce.

 

From: Smcwg-public <smcwg-public-bounces at cabforum.org
<mailto:smcwg-public-bounces at cabforum.org> > On Behalf Of Stephen Davidson
via Smcwg-public
Sent: Wednesday, December 6, 2023 1:00 PM
To: smcwg-public at cabforum.org <mailto:smcwg-public at cabforum.org> 
Subject: [EXTERNAL] [Smcwg-public] CAA for S/MIME

 

Hello:

 

Here is an updated diff for the CAA text following our discussions today:

 

-As suggested by Cade, to add the TTL/8hr reference consistent with the TLS
BR.

-To add the implementation dates in 2.2 and 4.2

 

https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecad
acd4d72b...43228a41a5cc99a3301c4066621787cde7e0f79a

 

The plan will be to move this to ballot at the start of 2024, so I encourage
CAs to engage with operations teams and/or software vendors on the
suitability of the implementation dates.

 

Best regards, Stephen

 

 

Any email and files/attachments transmitted with it are intended solely for
the use of the individual or entity to whom they are addressed. If this
message has been sent to you in error, you must not copy, distribute or
disclose of the information it contains. Please notify Entrust immediately
and delete the message from your system. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20231207/840cf5da/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5293 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20231207/840cf5da/attachment.p7s>