<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix"><br>
After a more detailed review by the HARICA team, we noticed some
areas of concern that we hope will be considered for update by the
authors and endorsers of this ballot.<br>
<ul>
<li>7.1.2.3 c</li>
<ul>
<li>authorityInformationAccess (<b>SHALL </b>be present)
-> authorityInformationAccess (<b>SHOULD </b>be present)
[Rationale: OCSP is not currently required for S/MIME
Certificates by all Certificate Consumers. Only Microsoft
Root Program requires it and perhaps this is due to a
copy-over from the TLS BRs without performing a technical
analysis specifically on S/MIME or clientAuth or codeSigning
Certificates. The CSCWG already removed the requirement for
OCSP in Subscriber Certificates in the CSBRs].<br>
</li>
<li>The authorityInformationAccess extension <b>SHALL </b>contain
at least one accessMethod value of type id-ad-ocsp that
specifies the URI of the Issuing CA’s OCSP responder. ->
The authorityInformationAccess extension <b>MAY </b>contain
at least one accessMethod value of type id-ad-ocsp that
specifies the URI of the Issuing CA’s OCSP responder.
[Rationale: same as above]<br>
</li>
</ul>
<li>7.1.4.2.4 Subject DN attributes for organization-validated
profile and 7.1.4.2.5 Subject DN attributes for
sponsor-validated profile<br>
subject:countryName <b>MAY </b>-> subject:countryName
<b>SHALL </b>[Rationale: Organization Names must contain a
Country Name to indicate where this Organization is located.
This applies to the organization-validated and the
sponsor-validated profile. It is also referenced in Appendix A
- Registration Schemes]</li>
<ul>
</ul>
</ul>
<br>
Thank you,<br>
Dimitris.<br>
<br>
<br>
On 8/9/2022 10:03 π.μ., Stephen Davidson via Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:010001831be8d4bb-12e7e189-fc13-4096-bd40-4443b2b20162-000000@email.amazonses.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:8.0pt;
margin-left:0in;
line-height:106%;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}div.WordSection1
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">Ballot SMC01: Final
Guideline for “S/MIME Baseline Requirements” <o:p></o:p></span></strong></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in"><o:p> </o:p></span></strong></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">Purpose of Ballot:</span></strong><o:p></o:p></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;line-height:106%;font-family:"Arial",sans-serif;color:#333333">The
S/MIME Certificate Working Group was chartered to discuss,
adopt, and maintain policies, frameworks, and standards for
the issuance and management of Publicly-Trusted S/MIME
Certificates. This ballot adopts a new “S/MIME Baseline
Requirements” that includes requirements for verification of
control over email addresses, identity validation for
natural persons and legal entities, key management and
certificate lifecycle, certificate profiles for S/MIME
Certificates and Issuing CA Certificates, as well as CA
operational and audit practices.<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">An
S/MIME Certificate for the purposes of this document can be
identified by the existence of an Extended Key Usage (EKU)
for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the
inclusion of a rfc822Name or an otherName of type
id-on-SmtpUTF8Mailbox in the subjectAltName extension in the
Certificate.<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;background:white">The
following motion has been proposed by Stephen Davidson of
DigiCert and endorsed by Martijn Katerbarg of Sectigo and
Ben Wilson of Mozilla.</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">Charter Voting References</span></strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span style="color:black"><a
href="https://github.com/cabforum/servercert/blob/e6ad111f4477010cbff409cd939c5ac1c7c85ccc/docs/SMCWG-charter.md#51-voting-structure"
moz-do-not-send="true"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif">Section
5.1 (“Voting Structure”)</span></a></span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">
of the SMCWG Charter says:<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">In
order for a ballot to be adopted by the SMCWG, two-thirds or
more of the votes cast by the Certificate Issuers must be in
favor of the ballot and more than 50% of the votes cast by
the Certificate Consumers must be in favor of the ballot. At
least one member of each class must vote in favor of a
ballot for it to be adopted. Quorum is the average number of
Member organizations (cumulative, regardless of Class) that
have participated in the previous three (3) SMCWG Meetings
or Teleconferences (not counting subcommittee meetings
thereof).<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">— MOTION BEGINS —</span></strong><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in"><br>
</span></b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
This ballot adopts the “Baseline Requirements for the
Issuance and Management of Publicly-Trusted S/MIME
Certificates” (“S/MIME Baseline Requirements”) as Version
1.0.0.<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The
proposed S/MIME Baseline Requirements may be found at <a
href="https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52"
moz-do-not-send="true" class="moz-txt-link-freetext">
https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52</a>
or the attached document.<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The
SMCWG Chair or Vice-Chair is permitted to update the
Relevant Dates and Version Number of the S/MIME Baseline
Requirements to reflect final dates.<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in">— MOTION ENDS —</span></strong><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
windowtext 1.0pt;padding:0in"><br>
</span></b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
This ballot proposes a Final Guideline. The procedure for
approval of this ballot is as follows:<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Discussion
(7+ days)</span><span style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start
Time: 8 September 2022 17:00 UTC</span><span
style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End
Time: 15 September 2022 17:00 UTC<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Vote
for approval (7 days)</span><span style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start
Time: 15 September 2022 17:00 UTC</span><span
style="color:black"><br>
</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End
Time: 22 September 2022 17:00 UTC<o:p></o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">IPR
Review (60 days)<o:p></o:p></span></p>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
</blockquote>
<br>
</body>
</html>