<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Calibri",sans-serif;
color:black;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri",sans-serif;
color:black;
font-weight:bold;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='color:windowtext'>Hi Stephen,<o:p></o:p></span></p><p class=MsoNormal><span style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:windowtext'>Regarding the vetting process, I’d like to add one more to your list for consideration and that’s to use the standard TLS OV vetting model from the BRs, section 3.2 vs OV+ as shown below. Code Signing uses that same section as is, so for me, it would make sense to also have a flavor of S/MIME that uses that section without modification. Can we add a 4<sup>th</sup> bullet to your agenda for that option to be considered?<o:p></o:p></span></p><p class=MsoNormal><span style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:windowtext'>I also think there is a discussion to be had on audit requirements for Enterprise RA when adding a user’s name into the S/MIME certificates, maybe for a future meeting.<o:p></o:p></span></p><p class=MsoNormal><span style='color:windowtext'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:windowtext'>Doug<o:p></o:p></span></p><p class=MsoNormal><span style='color:windowtext'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='color:windowtext'>From:</span></b><span style='color:windowtext'> Smcwg-public <smcwg-public-bounces@cabforum.org> <b>On Behalf Of </b>Stephen Davidson via Smcwg-public<br><b>Sent:</b> Tuesday, April 26, 2022 6:09 PM<br><b>To:</b> SMIME Certificate Working Group <smcwg-public@cabforum.org><br><b>Subject:</b> [Smcwg-public] Draft SMCWG agenda - Wednesday, April 27, 2022<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><h2><a name="_Hlk72771135">SMCWG Agenda<o:p></o:p></a></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>Draft SMCWG agenda - Wednesday, April 27, 2022 at 11:00 am Eastern Time<o:p></o:p></span></span></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>Here is a draft agenda for the teleconference described in the subject of this message. Please review and propose changes if necessary.<o:p></o:p></span></span></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>1. Roll Call <o:p></o:p></span></span></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>2. Read Antitrust / Compliance Statement<o:p></o:p></span></span></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>3. Review Agenda<o:p></o:p></span></span></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>4. Approval of minutes from teleconference of April 13, 2022<o:p></o:p></span></span></h2><h2 style='margin-left:.5in;text-indent:-.5in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>5. Discussion <o:p></o:p></span></span></h2><h2 style='margin-left:.5in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>Previous WG discussions in 2021 focused upon whether the S/MIME BR needed to establish the O is ANY company called ExampleCo or that it's THAT PARTICULAR company called ExampleCo registered in New York. Based on feedback from Cert Consumers, WG discussion gravitated towards EV-like vetting and the inclusion of a unique identifier in the certificates (using the subject:organizationalIdentifer from ETSI and the EVG rather than the layered EV JOI attributes).<o:p></o:p></span></span></h2><h2 style='margin-left:.5in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>Some CA concern has now been raised regarding EV as the choice for O vetting. Options to be discussed:<o:p></o:p></span></span></h2><h2 style='margin-left:.75in;text-indent:-.25in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>• Go full EV (as currently proposed in Section 3.2.3 [org vetting], 3.26 [validation of authority], and 3.2.8 [reliability of sources] of the draft S/MIME BR, on basis has existing CABF approval/audit criteria)<o:p></o:p></span></span></h2><h2 style='margin-left:.75in;text-indent:-.25in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>• Use modernized EV (what parts are best suited for the S/MIME use case? Have heard proposals to remove physical and operational presence, review roles, simplify the text)<o:p></o:p></span></span></h2><h2 style='margin-left:.75in;text-indent:-.25in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>• Adopt OV+ (restrict to Gov data sources or active/corroborated LEI; provide more detail on attestations, roles)<o:p></o:p></span></span></h2><h2 style='margin-left:.5in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>The goal is to resolve this remaining issue so we can move to Pre-Ballot discussion.<o:p></o:p></span></span></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>6. Any other business <o:p></o:p></span></span></h2><h2 style='margin-left:.5in;text-indent:-.5in'><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'>7. Next call: Wednesday, May 11, 2022 at 11:00 am Eastern Time<o:p></o:p></span></span></h2><h2><span style='mso-bookmark:_Hlk72771135'><span style='font-size:11.0pt;font-weight:normal'> Adjourn<o:p></o:p></span></span></h2><span style='mso-bookmark:_Hlk72771135'></span><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:windowtext'><o:p> </o:p></span></p></div></body></html>