<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Stephen<o:p></o:p></p><p class=MsoNormal>On the subject of Suspension, I agree that if the applications don’t verify signature at time of signing, suspension can be a problem.  It concerns me that this behavior is a ‘given’ and therefore the organizations that use these credentials are inconvenienced.  I do not agree that the encryption use case is similarly impacted.  <o:p></o:p></p><p class=MsoNormal>I believe there are some legitimate use cases for this beyond those suggested on the call.  In my experience organizations often use suspension for seasonal or sporadic workers.  <o:p></o:p></p><p class=MsoNormal>I have some language for your consideration on the inclusion of suspension – perhaps a starting point:<o:p></o:p></p><h3 style='mso-list:l1 level3 lfo3'><a name="_Toc276026458"></a><a name="_Toc279165879"></a><a name="_Toc279166221"></a><a name="_Toc62038955"><span style='mso-bookmark:_Toc279166221'><span style='mso-bookmark:_Toc279165879'><span style='mso-bookmark:_Toc276026458'><![if !supportLists]><b><span style='mso-list:Ignore'>4.9.13<span style='font:7.0pt "Times New Roman"'>   </span></span></b><![endif]><b>Circumstances for Suspension</b></span></span></span></a><b><o:p></o:p></b></h3><p class=MsoNormal style='margin-top:6.0pt;text-autospace:none'><span style='layout-grid-mode:line'>Suspension may be permitted for end-user certificates </span>as follows: 1) the discretion of the certificate issuer; 2) the user’s token is temporarily unavailable; 3) authority to use the token has been suspended temporarily; 4) token possession is unknown.<span style='font-size:10.0pt'><o:p></o:p></span></p><h3 style='mso-list:l1 level3 lfo3'><![if !supportLists]><b><span style='mso-list:Ignore'>4.9.14<span style='font:7.0pt "Times New Roman"'>   </span></span></b><![endif]><b> <a name="_Toc276026459"></a><a 
name="_Toc279165880"></a><a name="_Toc279166222"></a><a name="_Toc62038956"><span style='mso-bookmark:_Toc279166222'><span style='mso-bookmark:_Toc279165880'><span style='mso-bookmark:_Toc276026459'>Who can Request Suspension</span></span></span></a><o:p></o:p></b></h3><p class=MsoNormal>The certificate subject, certificate subject’s organization, issuing CA, or RA may request suspension of a certificate.<o:p></o:p></p><h3 style='mso-list:l1 level3 lfo3'><![if !supportLists]><b><span style='mso-list:Ignore'>4.9.15<span style='font:7.0pt "Times New Roman"'>   </span></span></b><![endif]><b> <a name="_Toc276026460"></a><a name="_Toc279165881"></a><a name="_Toc279166223"></a><a name="_Toc62038957"><span style='mso-bookmark:_Toc279166223'><span style='mso-bookmark:_Toc279165881'><span style='mso-bookmark:_Toc276026460'>Procedure for Suspension Request</span></span></span></a><o:p></o:p></b></h3><p class=MsoNormal>A request to suspend a certificate shall identify the certificate to be suspended, explain the reason for suspension, and allow the request to be authenticated (e.g., digitally or manually signed).<o:p></o:p></p><p class=MsoNormal>The reason code CRL entry extension shall be populated with “certificateHold”.  <o:p></o:p></p><h3 style='mso-list:l1 level3 lfo3'><![if !supportLists]><b><span style='mso-list:Ignore'>4.9.16<span style='font:7.0pt "Times New Roman"'>   </span></span></b><![endif]><b> <a name="_Toc276026461"></a><a name="_Toc279165882"></a><a name="_Toc279166224"></a><a name="_Toc62038958"><span style='mso-bookmark:_Toc279166224'><span style='mso-bookmark:_Toc279165882'><span style='mso-bookmark:_Toc276026461'>Limits on Suspension Period</span></span></span></a><o:p></o:p></b></h3><p class=MsoNormal>The CA shall specify the maximum time period a certificate may be suspended.  The CPS shall describe in detail how this maximum suspension period is enforced.  
If the subscriber has not removed the certificate from hold (suspension) within that period, the certificate shall be revoked for reason of “Key Compromise”.<o:p></o:p></p><p class=MsoNormal>In order to mitigate the threat of an unauthorized person removing the certificate from hold, the subscriber identity shall be authenticated in person using the initial identity proofing process described in Section 3.2.3 or using the Human Subscriber Re-Authentication process described in Section 3.2.3.2.<o:p></o:p></p><p class=MsoNormal>If a certificate is suspended for a period greater than 30 days, an authorizing official must verify the need for restoring the credential to the individual.  Certificates that have expired or otherwise been revoked for other reasons shall not be restored.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Judy   <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><b>Judith Spencer | PMA Chair | CertiPath, Inc.<o:p></o:p></b></p><p class=MsoNormal><span lang=ES>1900 Reston Metro Plaza, Suite 303, Reston, VA 20190<o:p></o:p></span></p><p class=MsoNormal><b>PH</b> +1.703.793.7875<o:p></o:p></p><p class=MsoNormal><b>Email</b> <a href="mailto:Judith.Spencer@CertiPath.com"><span style='color:#0563C1'>Judith.Spencer@CertiPath.com</span></a> <o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b>From:</b> Smcwg-public &lt;smcwg-public-bounces@cabforum.org&gt; <b>On Behalf Of </b>Stephen Davidson via Smcwg-public<br><b>Sent:</b> Wednesday, August 31, 2022 10:37 AM<br><b>To:</b> smcwg-public@cabforum.org<br><b>Subject:</b> [Smcwg-public] Update redline for recent changes to S/MIME BR<o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>For ease of tracking, here is a comparison of changes that have been made in the last week to the S/MIME BR as a result of feedback from the 
group.<o:p></o:p></p><p class=MsoNormal><a href="https://github.com/cabforum/smime/compare/1dc71b4a72ea93fbed010640f37bdbabe88c2591...222d4ae676ed2bc7134fd03ad4b72003051ee3f6">https://github.com/cabforum/smime/compare/1dc71b4a72ea93fbed010640f37bdbabe88c2591...222d4ae676ed2bc7134fd03ad4b72003051ee3f6</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Regards, Stephen<o:p></o:p></p></div></body></html>