[Smcwg-public] Approved Minutes of SMCWG January 31, 2024

Martijn Katerbarg martijn.katerbarg at sectigo.com
Fri Feb 16 10:59:42 UTC 2024


Minutes of SMCWG January 31, 2024 

These are the Approved Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply. 
Attendees
Abhishek Bhat - (eMudhra), Adrian Mueller - (SwissSign), Adriano Santoni - (Actalis S.p.A.), Andrea Holland - (VikingCloud), Andreas Henschel - (D-TRUST), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dave Chin - (CPA Canada/WebTrust), Don Sheehy - (CPA Canada/WebTrust), Enrico Entschew - (D-TRUST), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Judith Spencer - (CertiPath), Keshava Nagaraju - (eMudhra), Marco Schambach - (IdenTrust), Morad Abou Nasser - (TeleTrust), Nome Huang - (TrustAsia), Paul van Brouwershaven - (Entrust), Pedro Fuentes - (OISTE Foundation), Rebecca Kelley - (Apple), Renne Rodriguez - (Apple), Rollin Yu - (TrustAsia), Scott Rea - (eMudhra), Stefan Selbitschka - (rundQuadrat), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno - (SSL.com), Tim Crawford - (CPA Canada/WebTrust), Tsung-Min Kuo - (Chunghwa Telecom), Wendy Brown - (US Federal PKI Management Authority)

1. Roll Call
The Roll Call was taken.
2. Read Antitrust Statement
The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.
3. Review Agenda
Minutes were prepared by Stephen Davidson.
4. Approval of minutes from last teleconference
The minutes for the teleconference of January 17 were approved.
5. Discussion
Stephen Davidson noted that “Ballot SMC05: Adoption of CAA for S/MIME <https://cabforum.org/2024/01/17/ballot-smc05-adoption-of-caa-for-s-mime/>” was in IPR, ending on February 16.

Stephen noted the discussion that was occurring at the Server Certificate WG regarding delegated third party DNS and that such language would likely be added to the S/MIME BR as well. See https://github.com/cabforum/smime/issues/233

The WG considered additional text changes related to Ballot SMC06: Clarifications and corrections to S/MIME BR including those found at https://github.com/cabforum/smime/issues. Stephen noted the WG would move this to ballot soon, likely in late February.

Issue 232: Forbid issuance of certificates to ceased organizations https://github.com/cabforum/smime/issues/232. Stephen presented proposed text, with a suggested effective date of September 2024. Bruce Morton said he’d be surprised if CAs were not verifying this already. Following extensive discussion, the approach was agreed. It was suggested that the Server Certificate WG and the Code Signing WG adopt similar measures.

Issue 234: Clarify private key delivery to subscriber https://github.com/cabforum/smime/issues/234. Stephen noted the current text had become tangled through editing, where a requirement adopted from the CSBR (to deliver a password separately from a hardware device) had become separated in the text in a way that could be read in an unintended manner. He said there had been enquiries about this section from CAs and auditors, relating to the treatment of APIs, and the issue of 3DES which was still required for delivery of P12s to many mobile devices. In addition the current text “example methods” was unique in the SBR and it was not clear if they were a MAY or SHOULD or an exhaustive list. It was noted that the example for passwords was probably inadequate and should be changed in both the SBR and CSBR. There was significant discussion regarding the requirement for 128-bit encryption when it was acknowledged that 112-bit was a more appropriate level at this time, although the WG should revisit that at a future date. There was no objection to passwords being passed in the same authenticated/encrypted API as the key material. Stephen presented possible text to implement the agreed approach. Subsequent to the meeting it was noted that a Bugzilla has been filed related to this section.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1877680 finding #4.

Issue 199: Repeated subject DN attributes. Discussion was deferred. 

See also https://github.com/srdavidson/smime/blob/Ballot-SMC06/SBR.md

6. Any Other Business 
None 
7. Next call
Next call: Wednesday, February 14, 2024 at 11:00 am Eastern Time
Adjourned 




