<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0cm;
margin-right:0cm;
margin-bottom:8.0pt;
margin-left:0cm;
line-height:105%;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:8.0pt;
margin-left:36.0pt;
line-height:105%;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.E-MailFormatvorlage19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.E-MailFormatvorlage21
{mso-style-type:personal-reply;
font-family:"Arial",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:460928089;
mso-list-type:hybrid;
mso-list-template-ids:-1821859210 575337854 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Arial",sans-serif;
mso-fareast-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1337995426;
mso-list-type:hybrid;
mso-list-template-ids:-1720259644 347083408 67567619 67567621 67567617 67567619 67567621 67567617 67567619 67567621;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Arial",sans-serif;
mso-fareast-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Dear Stephen, Dear all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I just realized one issue with regard to auditing and I am very sorry that I didn’t realize it earlier in one of the many
times I read through the draft during its creation.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">In section 8.2, number 4 it is written: "(For audits conducted in accordance with any one of the ETSI standards)accredited
in accordance with ISO 17065 applying the requirements specified in ETSI EN 319 403;" However, since some time the ETSI EN 319 403-1 has been released as successor of 319 403. At the time being, both versions are valid and can be used for CAB accreditation.
I assume most CAB’s are on their way to migrate accreditation to the newer 403-1, some have already finished. Hence, section 8.2 number 4 should be amended as follows:<br>
"(For audits conducted in accordance with any one of the ETSI standards)accredited in accordance with ISO 17065 applying the requirements specified in ETSI EN 319 403<i> or ETSI EN 319 403-1</i>;"<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">In addition, a reference to the new version should be added to section 1.6.3:<br>
<i>“ETSI EN 319 403-1, Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment; Part 1:</i></span><i><span lang="EN-GB" style="line-height:105%;font-family:"Cambria Math",serif;color:#1F497D;mso-fareast-language:EN-US">‐</span></i><i><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">
Requirements for conformity assessment bodies assessing Trust Service Providers”</span></i><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">I also noticed one other thing:<br>
In the provided PDF there are some sections with tables, where text of the first two columns partly overlay each other. I found examples in sections 7.1.2.3 e), 7.1.4.2.5 and 7.1.4.2.6. I realize that this is only an issue of presentation and not of content,
but nevertheless, maybe there is a way to fix it.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="line-height:105%;font-family:"Arial",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Best regards<br>
Matthias<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:0cm;margin-bottom:.0001pt;line-height:normal">
<b><span style="font-size:11.0pt">Von:</span></b><span style="font-size:11.0pt"> Smcwg-public <smcwg-public-bounces@cabforum.org>
<b>Im Auftrag von </b>Stephen Davidson via Smcwg-public<br>
<b>Gesendet:</b> Donnerstag, 8. September 2022 09:03<br>
<b>An:</b> smcwg-public@cabforum.org<br>
<b>Betreff:</b> [Smcwg-public] Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><strong><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm">Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”
</span></strong><strong><span lang="EN-US" style="font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm"><o:p></o:p></span></strong></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><strong><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm"><o:p> </o:p></span></strong></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><strong><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm">Purpose of Ballot:</span></strong><o:p></o:p></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Arial",sans-serif;color:#333333">The S/MIME Certificate Working Group was chartered to discuss, adopt, and maintain policies, frameworks, and standards for the issuance and management of Publicly-Trusted
S/MIME Certificates. This ballot adopts a new “S/MIME Baseline Requirements” that includes requirements for verification of control over email addresses, identity validation for natural persons and legal entities, key management and certificate lifecycle,
certificate profiles for S/MIME Certificates and Issuing CA Certificates, as well as CA operational and audit practices.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">An S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key
Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the subjectAltName extension in the Certificate.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;background:white">The following motion has been proposed by Stephen Davidson of DigiCert and endorsed by Martijn
Katerbarg of Sectigo and Ben Wilson of Mozilla.</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><strong><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm">Charter Voting References</span></strong><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="color:black"><a href="https://github.com/cabforum/servercert/blob/e6ad111f4477010cbff409cd939c5ac1c7c85ccc/docs/SMCWG-charter.md#51-voting-structure"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Section
5.1 (“Voting Structure”)</span></a></span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"> of the SMCWG Charter says:<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">In order for a ballot to be adopted by the SMCWG, two-thirds or more of the votes cast by the Certificate Issuers
must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations
(cumulative, regardless of Class) that have participated in the previous three (3) SMCWG Meetings or Teleconferences (not counting subcommittee meetings thereof).<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><strong><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm">— MOTION BEGINS —</span></strong><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm"><br>
</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
This ballot adopts the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”) as Version 1.0.0.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The proposed S/MIME Baseline Requirements may be found at
<a href="https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52">
https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52</a> or the attached document.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">The SMCWG Chair or Vice-Chair is permitted to update the Relevant Dates and Version Number of the S/MIME Baseline
Requirements to reflect final dates.<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><strong><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm">— MOTION ENDS —</span></strong><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333;border:none windowtext 1.0pt;padding:0cm"><br>
</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><br>
This ballot proposes a Final Guideline. The procedure for approval of this ballot is as follows:<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Discussion (7+ days)</span><span lang="EN-US" style="color:black"><br>
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start Time: 8 September 2022 17:00 UTC</span><span lang="EN-US" style="color:black"><br>
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End Time: 15 September 2022 17:00 UTC<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Vote for approval (7 days)</span><span lang="EN-US" style="color:black"><br>
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">Start Time: 15 September 2022 17:00 UTC</span><span lang="EN-US" style="color:black"><br>
</span><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">End Time: 22 September 2022 17:00 UTC<o:p></o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333"><o:p> </o:p></span></p>
<p style="margin:0cm;margin-bottom:.0001pt;background:white"><span lang="EN-US" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#333333">IPR Review (60 days)<o:p></o:p></span></p>
</div>
<pre><font face="arial,helvetica,sans-serif" size="1">
<strong>______________________________________________________________________________________________________________________</strong>
<strong>Sitz der Gesellschaft/Headquarter:</strong> TÜV Informationstechnik GmbH * Am TÜV 1 * 45307 Essen, Germany
<strong>Registergericht/Register Court:</strong> Amtsgericht/Local Court Essen * HRB 11687 * USt.-IdNr./VAT No.: DE 176132277 * Steuer-Nr./Tax No.: 111/57062251
<strong>Geschäftsführung/Management Board:</strong> Dirk Kretzschmar
</font></pre>
<br>
<pre><font face="arial,helvetica,sans-serif" size="3" color="#000000"><b>TÜV NORD GROUP</b></font>
<font face="arial,helvetica,sans-serif" size="1" color="#000000">Expertise for your Success
</font></pre>
<pre><font face="arial,helvetica,sans-serif" size="1" color="#000000"><b>Please visit our website: <a href="http://www.tuv-nord.com">www.tuv-nord.com</a>
Besuchen Sie unseren Internetauftritt: <a href="http://www.tuev-nord.de">www.tuev-nord.de</a></b></font></pre>
</body>
</html>