<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>All,</p>
<p>I apologize for raising doubts at the very "last minute", but
since the SMC BR are about to be put to the vote, I wanted to give
them a complete re-reading and I noticed a passage that leaves me
a little perplexed.<br>
</p>
Maybe this aspect was discussed at length, but then I missed that
discussion - sorry about that, if so.<br>
<p>Under "<span class="fontstyle0">3.2.4.2 Validation of individual
identity</span>" we have the following sentence:</p>
<p>
<blockquote type="cite"><span class="fontstyle0">The CA or RA MAY
use manual (in person) or remote procedures. A remote process
SHALL ensure that the Applicant has the document in hand and
presents the document <i>in real‐time </i>in front of a
camera.</span><br>
</blockquote>
</p>
<p>Where did we borrow "in real-time" from? Not from the TLS BR nor
from EVGL, it seems. <br>
</p>
<p>What's the rationale for that? It seems too demanding, to me, for
S/MIME certificates.</p>
<p>Several CAs that I am aware of are doing individual identity
verification (for S/MIME certificates) based on a Photo ID and a
selfie (showing both the Applicant and his/her Photo ID), and the
latter is not required to be taken in "real time".<br>
</p>
<p>I am therefore a bit surprised that all the people here agree on
this "in real time" which implies the non-compliance of current
procedures and the need to move to more complex and more expensive
procedures. Seems a bit excessive for S/MIME certificates.<br>
</p>
Adriano
<div class="moz-cite-prefix">On 14/10/2022 20:12, Stephen Davidson
via Smcwg-public wrote:<br>
</div>
<blockquote type="cite"
cite="mid:01000183d7b27b10-4ccf8875-64fd-49e8-817e-0df9fe3a5117-000000@email.amazonses.com">
<div class="WordSection1">
<p class="MsoPlainText"><b>Ballot SMC01v3: Final Guideline for
“S/MIME Baseline Requirements”</b></p>
<p class="MsoPlainText"><i>Note: the voting period for this ballot
will commence following the SMCWG session at the upcoming CA/B
Forum face-to-face Meeting 57.</i></p>
<p class="MsoPlainText"><b>Purpose of Ballot:</b></p>
<p class="MsoPlainText">The S/MIME Certificate Working Group was
chartered to discuss, adopt, and maintain policies, frameworks, and
standards for the issuance and management of Publicly-Trusted
S/MIME Certificates. This ballot adopts a new “S/MIME
Baseline Requirements” that includes requirements for verification
of control over email addresses, identity validation for natural
persons and legal entities, key management and certificate
lifecycle, certificate profiles for S/MIME Certificates and Issuing
CA Certificates, as well as CA operational and audit
practices.</p>
<p class="MsoPlainText">An S/MIME Certificate for the purposes of
this document can be identified by the existence of an Extended Key
Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and
the inclusion of a rfc822Name or an otherName of type
id-on-SmtpUTF8Mailbox in the subjectAltName extension in the
Certificate.</p>
<p class="MsoPlainText">The following motion has been proposed by
Stephen Davidson of DigiCert and endorsed by Martijn Katerbarg of
Sectigo and Ben Wilson of Mozilla.</p>
<p class="MsoPlainText">In accordance with the By-Laws, the
discussion period has been extended with the distribution of this
new version of the ballot, incorporating content that arose during
the discussion period including regarding the use of suspension and
updating ETSI references in section 8.2.</p>
<p class="MsoPlainText"><b>Charter Voting References</b></p>
<p class="MsoPlainText">Section 5.1 (“Voting Structure”) of the
SMCWG Charter says:</p>
<p class="MsoPlainText">In order for a ballot to be adopted by the
SMCWG, two-thirds or more of the votes cast by the Certificate
Issuers must be in favor of the ballot and more than 50% of the
votes cast by the Certificate Consumers must be in favor of the
ballot. At least one member of each class must vote in favor of a
ballot for it to be adopted. Quorum is the average number of Member
organizations (cumulative, regardless of Class) that have
participated in the previous three (3) SMCWG Meetings or
Teleconferences (not counting subcommittee meetings
thereof).</p>
<p class="MsoPlainText"><b>— MOTION BEGINS —</b></p>
<p class="MsoPlainText">This ballot adopts the “Baseline
Requirements for the Issuance and Management of Publicly-Trusted
S/MIME Certificates” (“S/MIME Baseline Requirements”) as Version
1.0.0.</p>
<p class="MsoPlainText">The proposed S/MIME Baseline Requirements
may be found at <a
href="https://github.com/cabforum/smime/pull/178/files"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/smime/pull/178/files</a>
or the attached document. A redline of changes since the
SMC01 Ballot discussion started may be found at <a
href="https://github.com/cabforum/smime/compare/28c0b904fe54f1c5f6c71d18c4786a3e02c76f52...b1ff7867dc85392e4c57b1993ed571e61e34dee2"
moz-do-not-send="true" class="moz-txt-link-freetext">https://github.com/cabforum/smime/compare/28c0b904fe54f1c5f6c71d18c4786a3e02c76f52...b1ff7867dc85392e4c57b1993ed571e61e34dee2</a></p>
<p class="MsoPlainText">The SMCWG Chair or Vice-Chair is permitted
to update the Relevant Dates and Version Number of the S/MIME
Baseline Requirements to reflect final dates.</p>
<p class="MsoPlainText"><b>— MOTION ENDS —</b></p>
<p class="MsoPlainText">This ballot proposes a Final Guideline. The
procedure for approval of this ballot is as follows:</p>
<p class="MsoPlainText">Discussion (7+ days)</p>
<p class="MsoPlainText">Start Time: 14 October 2022 14:00 ET (US
Eastern)</p>
<p class="MsoPlainText">End Time: not before 21 October 2022 14:00
ET (US Eastern)</p>
<p class="MsoPlainText">Vote for approval (7 days)</p>
<p class="MsoPlainText">Start Time: To be confirmed</p>
<p class="MsoPlainText">End Time: To be confirmed</p>
<p class="MsoPlainText">IPR Review (60 days)</p>
</div>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
</blockquote>
</body>
</html>