[Smcwg-public] CAA for S/MIME

Ben Wilson bwilson at mozilla.com
Thu Dec 7 16:28:48 UTC 2023


It would be great if we could coordinate with a SCWG ballot that requires
that CAA be put in section 3.2.2.8.  However, as I said on the recent call,
there might be a CA or two that has already populated section 3.2.2.8 of
their CP/CPS with something else.

On Thu, Dec 7, 2023 at 8:59 AM Stephen Davidson via Smcwg-public <
smcwg-public at cabforum.org> wrote:

> Thanks Bruce.  That section is planned to be deleted.
>
>
> https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b...c8b0c9ff9fa28c2c7abeb2871aaa2d60a19842ed
>
>
>
> I can certainly move the content to 3.2.2.4 but I see that the TLS BR are
> considering gathering their CAA information in 3.2.2.8 which may be
> confusing for CAs?
>
>
>
> The use of 4.2 would allow consistency across the two docs.
>
>
>
>
>
>
>
> *From:* Bruce Morton <Bruce.Morton at entrust.com>
> *Sent:* Wednesday, December 6, 2023 9:09 PM
> *To:* Stephen Davidson <Stephen.Davidson at digicert.com>; SMIME Certificate
> Working Group <smcwg-public at cabforum.org>
> *Subject:* RE: CAA for S/MIME
>
>
>
> I think we need to fix this section:
>
>
>
> 3.2.2.4 CAA records
>
> This version of the S/MIME Baseline Requirements does not require the CA
> to check for CAA records. The CAA property tags for `issue`, `issuewild`,
> and `iodef` as specified in
> [RFC 8659](https://datatracker.ietf.org/doc/html/rfc8659) are not
> recognized for the issuance of S/MIME Certificates.
>
>
>
> I would really like to add all CAA requirements to section 3.2.2.4, since
> it is called CAA records. This would be in line with this TLS BR comment
> https://github.com/cabforum/servercert/issues/466.
>
>
>
>
>
> Thanks, Bruce.
>
>
>
> *From:* Smcwg-public <smcwg-public-bounces at cabforum.org> *On Behalf Of*
> Stephen Davidson via Smcwg-public
> *Sent:* Wednesday, December 6, 2023 1:00 PM
> *To:* smcwg-public at cabforum.org
> *Subject:* [EXTERNAL] [Smcwg-public] CAA for S/MIME
>
>
>
> Hello:
>
>
>
> Here is an updated diff for the CAA text following our discussions today:
>
>
>
> - As suggested by Cade, to add the TTL/8hr reference consistent with the
>   TLS BR.
>
> - To add the implementation dates in 2.2 and 4.2
>
>
>
>
> https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b...43228a41a5cc99a3301c4066621787cde7e0f79a
>
>
>
> The plan will be to move this to ballot at the start of 2024, so I
> encourage CAs to engage with operations teams and/or software vendors on
> the suitability of the implementation dates.
>
>
>
> Best regards, Stephen
>
>
>
>
>