<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Calibri">I fully concur with Dimitris.</font></p>
<p><font face="Calibri">Adriano</font></p>
<p><br>
</p>
<div class="moz-cite-prefix">On 13/09/2022 13:22, Dimitris
Zacharopoulos (HARICA) via Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100018336965856-f5f1fdca-d4be-4d8d-be80-203cb973920b-000000@email.amazonses.com">
In addition, we should clarify which countryName is expected in
the
subject of the certificate in the "sponsor-validated" profile.
<br>
<br>
Since the subject:organizationName is mandatory, it is expected
that the subject:countryName is the Country of the Organization,
not the individual. This could be added in the Note of section
7.1.4.2.5.
<br>
<br>
In the same section, 7.1.4.2.5 the subject:countryName should be
updated to a SHALL for all cases (Legacy, Multipurpose, Strict).
<br>
<br>
ETSI Certificates (See ETSI EN 319 412-2 section 4.2.4) require
the
countryName even for certificates issued to Natural Persons which
makes the countryName a potential SHALL under 7.1.4.2.6
(individual-validated profile). The CA always knows and validates
the country of the individual because it is related to the
identity
document that the CA verifies.
<br>
<br>
<br>
Thank you for considering these changes,
<br>
Dimitris.
<br>
<br>
<div class="moz-cite-prefix">On 13/9/2022 1:24 PM, Dimitris
Zacharopoulos (HARICA) via Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0100018336616c58-8faf3dfe-831a-4673-9f32-c9972566fe20-000000@email.amazonses.com">
<div class="moz-cite-prefix"><br>
After a more detailed review by the HARICA team, we noticed
some
areas of concern that we hope will be considered for update by
the
authors and endorsers of this ballot.<br>
<ul>
<li>7.1.2.3 c</li>
<ul>
<li>authorityInformationAccess (<b>SHALL</b> be present)
->
authorityInformationAccess (<b>SHOULD</b> be present)
[Rationale:
OCSP is not currently required for S/MIME Certificates
by all
Certificate Consumers. Only Microsoft Root Program
requires it and
perhaps this is due to a copy-over from the TLS BRs
without
performing a technical analysis specifically on S/MIME
or
clientAuth or codeSigning Certificates. The CSCWG
already removed
the requirement for OCSP in Subscriber Certificates in
the
CSBRs].<br>
</li>
<li>The authorityInformationAccess extension <b>SHALL</b>
contain
at least one accessMethod value of type id-ad-ocsp that
specifies
the URI of the Issuing CA’s OCSP responder. -> The
authorityInformationAccess extension <b>MAY</b> contain
at least
one accessMethod value of type id-ad-ocsp that specifies
the URI of
the Issuing CA’s OCSP responder. [Rationale: same as
above]<br>
</li>
</ul>
<li>7.1.4.2.4 Subject DN attributes for
organization-validated
profile and 7.1.4.2.5 Subject DN attributes for
sponsor-validated
profile<br>
subject:countryName <b>MAY</b> ->
subject:countryName <b>SHALL</b> [Rationale: Organization
Names
must contain a Country Name to indicate where this
Organization is
located. This applies to the organization-validated and
the
sponsor-validated profile. It is also referenced in
Appendix A -
Registration Schemes]</li>
</ul>
<br>
Thank you,<br>
Dimitris.<br>
<br>
<br>
On 8/9/2022 10:03 AM, Stephen Davidson via Smcwg-public
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:010001831be8d4bb-12e7e189-fc13-4096-bd40-4443b2b20162-000000@email.amazonses.com">
<div class="WordSection1">
<p><strong>Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”</strong></p>
<p><strong>Purpose of Ballot:</strong></p>
<p>The S/MIME Certificate Working Group was chartered to discuss, adopt, and maintain policies, frameworks, and standards for the issuance and management of Publicly-Trusted S/MIME Certificates. This ballot adopts a new “S/MIME Baseline Requirements” that includes requirements for verification of control over email addresses, identity validation for natural persons and legal entities, key management and certificate lifecycle, certificate profiles for S/MIME Certificates and Issuing CA Certificates, as well as CA operational and audit practices.</p>
<p>An S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the subjectAltName extension in the Certificate.</p>
<p>The following motion has been proposed by Stephen Davidson of DigiCert and endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.</p>
<p><strong>Charter Voting References</strong></p>
<p><a href="https://github.com/cabforum/servercert/blob/e6ad111f4477010cbff409cd939c5ac1c7c85ccc/docs/SMCWG-charter.md#51-voting-structure">Section 5.1 (“Voting Structure”)</a> of the SMCWG Charter says:</p>
<p>In order for a ballot to be adopted by the SMCWG, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three (3) SMCWG Meetings or Teleconferences (not counting subcommittee meetings thereof).</p>
<p><strong>— MOTION BEGINS —</strong></p>
<p>This ballot adopts the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”) as Version 1.0.0.</p>
<p>The proposed S/MIME Baseline Requirements may be found at <a href="https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52" class="moz-txt-link-freetext">https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52</a> or the attached document.</p>
<p>The SMCWG Chair or Vice-Chair is permitted to update the Relevant Dates and Version Number of the S/MIME Baseline Requirements to reflect final dates.</p>
<p><strong>— MOTION ENDS —</strong></p>
<p>This ballot proposes a Final Guideline. The procedure for approval of this ballot is as follows:</p>
<p>Discussion (7+ days)<br>
Start Time: 8 September 2022 17:00 UTC<br>
End Time: 15 September 2022 17:00 UTC</p>
<p>Vote for approval (7 days)<br>
Start Time: 15 September 2022 17:00 UTC<br>
End Time: 22 September 2022 17:00 UTC</p>
<p>IPR Review (60 days)</p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Smcwg-public@cabforum.org" moz-do-not-send="true">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
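<p>Added example, not code from any participant in this thread or from the CA/Browser Forum: a small lint that scopes a certificate with the ballot's EKU-plus-SAN test and then reports the same certificate under the requirement levels quoted in the ballot text and under the levels proposed in the quoted review. The dict layout, the function names, the rule names and the mapping of SHALL to "error" and SHOULD to "warning" are assumptions made for illustration; the individual-validated profile is not modelled.</p>
<pre>
```python
# Added example. Requirement levels are the ones quoted in the thread; the
# certificate dicts are constructed stand-ins for already-decoded X.509 fields.
EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4"   # id-kp-emailProtection
ID_AD_OCSP = "1.3.6.1.5.5.7.48.1"        # id-ad-ocsp
ID_AD_CA_ISSUERS = "1.3.6.1.5.5.7.48.2"  # id-ad-caIssuers
ORG_PROFILES = ("organization-validated", "sponsor-validated")

# Per rule: level in the ballot text and level with the proposed changes.
LEVELS = {
    "aia_present":  {"ballot": "SHALL", "proposed": "SHOULD"},
    "aia_ocsp":     {"ballot": "SHALL", "proposed": "MAY"},
    "country_name": {"ballot": "MAY",   "proposed": "SHALL"},
}
SEVERITY = {"SHALL": "error", "SHOULD": "warning", "MAY": None}

def is_smime(cert):
    """Scoping test from the ballot: emailProtection EKU plus a SAN mailbox."""
    mailbox = any(kind in ("rfc822Name", "id-on-SmtpUTF8Mailbox")
                  for kind, _value in cert.get("san", []))
    return EMAIL_PROTECTION in cert.get("eku", []) and mailbox

def unmet_rules(cert):
    """Names of the rules this certificate does not satisfy."""
    unmet = []
    aia = cert.get("aia")  # None: extension absent; else list of (method, uri)
    if aia is None:
        unmet.append("aia_present")
    elif not any(method == ID_AD_OCSP for method, _uri in aia):
        unmet.append("aia_ocsp")
    subject = cert.get("subject", {})
    if cert.get("profile") in ORG_PROFILES and "countryName" not in subject:
        unmet.append("country_name")
    return unmet

def lint(cert, ruleset):
    """Sorted (severity, rule) findings under 'ballot' or 'proposed' levels."""
    if not is_smime(cert):
        return []  # not an S/MIME certificate, out of scope
    findings = [(SEVERITY[LEVELS[rule][ruleset]], rule) for rule in unmet_rules(cert)]
    return sorted(f for f in findings if f[0] is not None)

# Constructed sample: sponsor-validated, no countryName, AIA without OCSP.
SAMPLE = {
    "profile": "sponsor-validated",
    "subject": {"commonName": "Alice Example", "organizationName": "Example Org"},
    "eku": [EMAIL_PROTECTION],
    "san": [("rfc822Name", "alice@example.com")],
    "aia": [(ID_AD_CA_ISSUERS, "http://ca.example.com/issuing.crt")],
}
```
</pre>
<p>Calling lint(SAMPLE, "ballot") and lint(SAMPLE, "proposed") on the constructed certificate shows the finding moving from the missing OCSP access method to the missing subject:countryName.</p>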
</body>
</html>