[Smcwg-public] Approved Minutes of SMCWG November 15, 2023

Stephen Davidson Stephen.Davidson at digicert.com
Thu Dec 7 16:25:38 UTC 2023


Minutes of SMCWG


November 15, 2023

 

These are the Approved Minutes of the meeting described in the subject of
this message. Corrections and clarifications where needed are encouraged by
reply.


Attendees 


Adrian Mueller - (SwissSign), Andrea Holland - (VikingCloud), Ben Wilson -
(Mozilla), Bruce Morton - (Entrust), Chad Ehlers - (IdenTrust), Christophe
Bonjean - (GlobalSign), Clint Wilson - (Apple), Corey Bonnell - (DigiCert),
Dimitris Zacharopoulos - (HARICA), Doug Beattie - (GlobalSign), Inaba
Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Judith Spencer -
(CertiPath), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo),
Miguel Sanchez - (Google), Morad Abou Nasser - (TeleTrust), Paul van
Brouwershaven - (Entrust), Rebecca Kelley - (Apple), Robert Lee -
(GlobalSign), Russ Housley - (Vigil Security LLC), Scott Rea - (eMudhra),
Stefan Selbitschka - (rundQuadrat), Stephen Davidson - (DigiCert), Tadahiko
Ito - (SECOM Trust Systems), Wendy Brown - (US Federal PKI Management
Authority)


1. Roll Call


The Roll Call was taken.


2. Read Antitrust Statement


The statement was read concerning the antitrust policy, code of conduct, and
intellectual property rights agreement.


3. Review Agenda


Minutes were prepared by Stephen Davidson.


4. Approval of minutes from last teleconference


The minutes for the meeting at the F2F CABF#60 and the teleconference of
October 25 were approved.


5. Discussion 


Stephen Davidson confirmed that Ballot SMC04 had passed and was now in IP
review, ending at 1700 UTC on December 8.

 

Stephen walked through the draft text of a ballot to introduce CAA for
S/MIME, which may be seen at
https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b...29f73eb50573bf3e04cb417aaf67be1c209f066b,
noting that it drew heavily on the text already found in the TLS BR.  Clint
Wilson noted that CAA should be applied to all email addresses in the
certificate, and that mailbox addresses in the Subject should be repeated in
the SAN.

 

Stephen noted that he had reached out to KeyFactor (EJBCA) regarding the
topic, and strongly encouraged CAs that use commercial software to speak
with their respective vendors on the implementation of CAA for S/MIME.

 

Stephen outlined the timeline previously discussed in the WG, which would
call for a SHOULD after ~6 months and a SHALL after ~12 months (final dates
to be determined at the time of ballot).  He asked for feedback on the
acceptability of those timeframes.

 

Stephen then reviewed the issues at
https://github.com/cabforum/smime/issues noting those that are already
implemented in the draft of a future cleanup ballot which can be found at
https://github.com/srdavidson/smime/commits/Ballot-SMC05/SBR.md.

 

Stephen noted several new issues filed by Rob Lee and suggested to WG
members that this was a good place to file questions that may be raised in
the course of operating under the SBR.

 

The WG discussed the revocation backdating topic seen at
https://github.com/cabforum/smime/issues/221.  It was agreed to park the
topic for now given the doubts that backdating had a use in the S/MIME
protocol as it stands. Stephen said the WG would return to the topic in
future if it simplified implementations for CA operators.

 

The WG discussed the topic of the SV Legacy Subject which had arisen in
several teleconferences; Stephen noted that the group would return to it in
December. One consideration was whether to tweak the Legacy profile, or to
focus on the date upon which the Legacy profiles might be reasonably
retired.  Stephen again asked CAs to consider if there were elements missing
from the Multipurpose or Strict profiles that might complicate this
migration.

 


6. Any Other Business


 

None


7. Next call


Next call: Wednesday, December 6, 2023 at 11:00 am Eastern Time


Adjourned


 
