<div dir="ltr">Attached is a word version that contains relevant cert profiles from the US Federal PKI.<div>This is a newer format for our profiles which I think is more readable than what is currently published. This document should be publicly available in a few weeks, it is currently going through a final approval process.</div><div><br></div><div>I have removed cert profiles that are not directly relevant from this document, however I left in one for user authentication. I'd just like to note that in the US federal government we currently use a 3 cert model for people certificates - separate certs for client authentication such as smart card logon, digital signature, and key management, in most cases all 3 certificates are issued from the same issuing CA for a given user. Both the digital signature and key management cert profiles would be used for email protection - one for digitally signing and the other for encryption of emails.</div><div><br></div><div>I also started adding in some comments on some cert extensions that the WG may not want to require for everyone, but we would like to see allowed.</div><div><br></div><div>thanks,<br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><p><span style="font-family:"Segoe Script",sans-serif">Wendy</span></p>
<p><span style="font-size:12.8px">Wendy Brown<br></span><span style="font-size:12.8px">Supporting GSA FPKI<br></span><span style="font-size:12.8px">Protiviti Government
Services</span></p>
<p> 703-965-2990 (cell)</p>
<p><a href="mailto:wendy.brown@gsa.gov" style="font-size:12.8px" target="_blank">wendy.brown@gsa.gov</a><br><a href="mailto:wendy.brown@protiviti.com" style="font-family:Calibri,sans-serif" target="_blank">wendy.brown@protiviti.com</a></p></div></div></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 3, 2020 at 12:45 PM Stephen Davidson via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div class="gmail-m_6629989400683380881WordSection1">
<p class="MsoNormal">Hello all:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">SMCWG members are encouraged to submit relevant standards for S/MIME certificates for the group’s consideration via the public listserv. Here are two important ones:<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<ul style="margin-top:0in" type="disc">
<li class="gmail-m_6629989400683380881MsoListParagraph" style="margin-left:0in">Mozilla Root Store Policy. Particularly Section 2.2 (2) for validation of email control and Section 6.2 for S/MIME revocation events. <a href="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/" target="_blank">https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/</a><u></u><u></u></li><li class="gmail-m_6629989400683380881MsoListParagraph" style="margin-left:0in">Gmail’s acceptable S/MIME certificate profiles for end entity certs, intermediate CAs, and root CAs:
<a href="https://support.google.com/a/answer/7300887?hl=en&ref_topic=9061730" target="_blank">https://support.google.com/a/answer/7300887?hl=en&ref_topic=9061730</a><u></u><u></u></li></ul>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">We are interested to know if similar S/MIME certificate profiles exist in government or industry standards.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Regards, Stephen<u></u><u></u></p>
</div>
</div>
_______________________________________________<br>
Smcwg-public mailing list<br>
<a href="mailto:Smcwg-public@cabforum.org" target="_blank">Smcwg-public@cabforum.org</a><br>
<a href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" rel="noreferrer" target="_blank">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a><br>
</blockquote></div>