<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Also, I just realized that S/MIME signatures (which I apply to
      all my emails) are not preserved in this discussion list, which is
      rather disappointing and particularly contradictory for a list
      devoted to S/MIME.</p>
    <p>I am sure this is not due to bad will, but nonetheless...<br>
    </p>
    <p>Adriano</p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">Il 13/09/2022 14:17, Adriano Santoni
      via Smcwg-public ha scritto:<br>
    </div>
    <blockquote type="cite"
cite="mid:0100018336c8898a-9aeb3143-ef9b-4229-8a52-b2612f7d81af-000000@email.amazonses.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <p><font face="Calibri">I fully concur with Dimitris.</font></p>
      <p><font face="Calibri">Adriano</font></p>
      <p><br>
      </p>
      <div class="moz-cite-prefix">Il 13/09/2022 13:22, Dimitris
        Zacharopoulos (HARICA) via Smcwg-public ha scritto:<br>
      </div>
      <blockquote type="cite"
cite="mid:0100018336965856-f5f1fdca-d4be-4d8d-be80-203cb973920b-000000@email.amazonses.com">
        <meta http-equiv="Content-Type" content="text/html;
          charset=UTF-8">
        <title></title>
        <br>
        In addition, we should clarify which countryName is expected in
        the subject of the certificate in the "sponsor-validated"
        profile. <br>
        <br>
        Since the subject:organizationName is mandatory, it is expected
        that the subject:countryName is the Country of the Organization,
        not the individual. This could be added in the Note of section
        7.1.4.2.5. <br>
        <br>
        In the same section, 7.1.4.2.5, the subject:countryName should be
        updated to a SHALL for all cases (Legacy, Multipurpose, Strict).
        <br>
        <br>
        ETSI Certificates (See ETSI EN 319 412-2 section 4.2.4) require
        the countryName even for certificates issued to Natural Persons,
        which makes the countryName a potential SHALL under 7.1.4.2.6
        (individual-validated profile). The CA always knows and
        validates the country of the individual because it is related to
        the identity document that the CA verifies. <br>
        <br>
        <br>
        Thank you for considering these changes, <br>
        Dimitris. <br>
        <br>
        <div class="moz-cite-prefix">On 13/9/2022 1:24 μ.μ., Dimitris
          Zacharopoulos (HARICA) via Smcwg-public wrote:<br>
        </div>
        <blockquote type="cite"
cite="mid:0100018336616c58-8faf3dfe-831a-4673-9f32-c9972566fe20-000000@email.amazonses.com">
          <meta http-equiv="Content-Type" content="text/html;
            charset=UTF-8">
          <div class="moz-cite-prefix"><br>
            After a more detailed review by the HARICA team, we noticed
            some areas of concern that we hope will be considered for
            update by the authors and endorsers of this ballot.<br>
            <ul>
              <li>7.1.2.3 c</li>
              <ul>
                <li>authorityInformationAccess (<b>SHALL</b> be present)
                  -> authorityInformationAccess (<b>SHOULD</b> be
                  present) [Rationale: OCSP is not currently required
                  for S/MIME Certificates by all Certificate Consumers.
                  Only Microsoft Root Program requires it and perhaps
                  this is due to a copy-over from the TLS BRs without
                  performing a technical analysis specifically on S/MIME
                  or clientAuth or codeSigning Certificates. The CSCWG
                  already removed the requirement for OCSP in Subscriber
                  Certificates in the CSBRs].<br>
                </li>
                <li>The authorityInformationAccess extension <b>SHALL</b>
                  contain at least one accessMethod value of type
                  id-ad-ocsp that specifies the URI of the Issuing CA’s
                  OCSP responder. -> The authorityInformationAccess
                  extension <b>MAY</b> contain at least one
                  accessMethod value of type id-ad-ocsp that specifies
                  the URI of the Issuing CA’s OCSP responder.
                  [Rationale: same as above]<br>
                </li>
              </ul>
              <li>7.1.4.2.4 Subject DN attributes for
                organization-validated profile and 7.1.4.2.5 Subject DN
                attributes for sponsor-validated profile<br>
                    subject:countryName <b>MAY</b> ->
                subject:countryName <b>SHALL</b> [Rationale:
                Organization Names must contain a Country Name to
                indicate where this Organization is located. This
                applies to the organization-validated and the
                sponsor-validated profile. It is also referenced in
                Appendix A - Registration Schemes]</li>
            </ul>
            <br>
            Thank you,<br>
            Dimitris.<br>
            <br>
            <br>
            On 8/9/2022 10:03 π.μ., Stephen Davidson via Smcwg-public
            wrote:<br>
          </div>
          <blockquote type="cite"
cite="mid:010001831be8d4bb-12e7e189-fc13-4096-bd40-4443b2b20162-000000@email.amazonses.com">
            <meta http-equiv="Content-Type" content="text/html;
              charset=UTF-8">
            <div class="WordSection1">
              <p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"> Ballot SMC01: Final
                    Guideline for “S/MIME Baseline Requirements” <o:p></o:p></span></strong></p>
              <p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"> <o:p> </o:p></span></strong></p>
              <p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"> Purpose of Ballot:</span></strong><o:p></o:p></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p class="MsoNormal"><span
style="font-size:10.0pt;line-height:106%;font-family:"Arial",sans-serif;color:#333333">The
                  S/MIME Certificate Working Group was chartered to
                  discuss, adopt, and maintain policies, frameworks, and
                  standards for the issuance and management of
                  Publicly-Trusted S/MIME Certificates.  This ballot
                  adopts a new “S/MIME Baseline Requirements” that
                  includes requirements for verification of control over
                  email addresses, identity validation for natural
                  persons and legal entities, key management and
                  certificate lifecycle, certificate profiles for S/MIME
                  Certificates and Issuing CA Certificates, as well as
                  CA operational and audit practices.<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">An
                  S/MIME Certificate for the purposes of this document
                  can be identified by the existence of an Extended Key
                  Usage (EKU) for id-kp-emailProtection (OID:
                  1.3.6.1.5.5.7.3.4) and the inclusion of a rfc822Name
                  or an otherName of type id-on-SmtpUTF8Mailbox in the
                  subjectAltName extension in the Certificate.<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;background:white">The
                  following motion has been proposed by Stephen Davidson
                  of DigiCert and endorsed by Martijn Katerbarg of
                  Sectigo and Ben Wilson of Mozilla.</span><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"> Charter Voting
                    References</span></strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
                  style="color:black"><a
href="https://github.com/cabforum/servercert/blob/e6ad111f4477010cbff409cd939c5ac1c7c85ccc/docs/SMCWG-charter.md#51-voting-structure"
                    moz-do-not-send="true"><span
                      style="font-size:10.0pt;font-family:"Arial",sans-serif">Section
                      5.1 (“Voting Structure”)</span></a></span> <span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">of
                  the SMCWG Charter says:<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">In
                  order for a ballot to be adopted by the SMCWG,
                  two-thirds or more of the votes cast by the
                  Certificate Issuers must be in favor of the ballot and
                  more than 50% of the votes cast by the Certificate
                  Consumers must be in favor of the ballot. At least one
                  member of each class must vote in favor of a ballot
                  for it to be adopted. Quorum is the average number of
                  Member organizations (cumulative, regardless of Class)
                  that have participated in the previous three (3) SMCWG
                  Meetings or Teleconferences (not counting subcommittee
                  meetings thereof).<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"> — MOTION BEGINS —</span></strong><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"><br>
                  </span></b> <span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
                  This ballot adopts the “Baseline Requirements for the
                  Issuance and Management of Publicly-Trusted S/MIME
                  Certificates” (“S/MIME Baseline Requirements”) as
                  Version 1.0.0.<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The
                  proposed S/MIME Baseline Requirements may be found at
                  <a
href="https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52"
                    moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52</a>
                  or the attached document.<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The
                  SMCWG Chair or Vice-Chair is permitted to update the
                  Relevant Dates and Version Number of the S/MIME
                  Baseline Requirements to reflect final dates.<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><strong><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"> — MOTION ENDS —</span></strong><b><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none
                    windowtext 1.0pt;padding:0in"><br>
                  </span></b> <span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
                  This ballot proposes a Final Guideline. The procedure
                  for approval of this ballot is as follows:<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Discussion
                  (7+ days)</span><span style="color:black"><br>
                </span> <span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start
                  Time: 8 September 2022 17:00 UTC</span><span
                  style="color:black"><br>
                </span> <span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End
                  Time: 15 September 2022 17:00 UTC<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Vote
                  for approval (7 days)</span><span style="color:black"><br>
                </span> <span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start
                  Time: 15 September 2022 17:00 UTC</span><span
                  style="color:black"><br>
                </span> <span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End
                  Time: 22 September 2022 17:00 UTC<o:p></o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
              <p style="margin:0in;background:white"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">IPR
                  Review (60 days)<o:p></o:p></span></p>
            </div>
            <br>
            <fieldset class="moz-mime-attachment-header"></fieldset>
            <pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated moz-txt-link-freetext" href="mailto:Smcwg-public@cabforum.org" moz-do-not-send="true">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public" moz-do-not-send="true">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
          </blockquote>
          <br>
          <br>
        </blockquote>
        <br>
        <br>
      </blockquote>
      <br>
    </blockquote>
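    <p>Added example, not part of the thread and not CA/Browser Forum or HARICA code: a small Go lint for the two fields debated above, subject:countryName alongside subject:organizationName and the id-ad-ocsp entry in authorityInformationAccess. The names lintSMIME and buildSample, the message strings and the sample certificate are constructed for illustration; severities follow either the ballot text as quoted in the thread or the changes HARICA proposes.</p>

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// lintSMIME (hypothetical name) checks the two fields debated in the thread.
// proposed=false: severities per the ballot text as quoted; proposed=true: per HARICA's changes.
func lintSMIME(c *x509.Certificate, proposed bool) []string {
	// Scope per the ballot: emailProtection EKU plus a SAN mailbox (rfc822Name only here).
	inScope := false
	for _, u := range c.ExtKeyUsage {
		inScope = inScope || u == x509.ExtKeyUsageEmailProtection
	}
	if !inScope || len(c.EmailAddresses) == 0 {
		return []string{"skip: not an S/MIME certificate"}
	}
	sev := map[bool]string{true: "error", false: "notice"}
	var out []string
	if len(c.Subject.Organization) > 0 && len(c.Subject.Country) == 0 {
		out = append(out, sev[proposed]+": organizationName without countryName")
	}
	if len(c.OCSPServer) == 0 {
		out = append(out, sev[!proposed]+": no id-ad-ocsp accessMethod in authorityInformationAccess")
	}
	return out
}

// buildSample returns a constructed, self-signed certificate used only to exercise the lint.
func buildSample(org, country, ocsp []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		Subject:        pkix.Name{CommonName: "Sample User", Organization: org, Country: country},
		NotBefore:      time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
		EmailAddresses: []string{"user@example.com"},
		OCSPServer:     ocsp,
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if c, err := buildSample([]string{"Example Org"}, nil, nil); err == nil {
		println(len(lintSMIME(c, false)), len(lintSMIME(c, true)))
	}
}
```

    <p>Go's crypto/x509 does not expose otherName values, so a certificate that carries only an id-on-SmtpUTF8Mailbox entry is reported as out of scope by this sketch.</p>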
  </body>
</html>