<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">These works in Europe are oriented to Qualified Certificates, and legally binding digital signatures.<div class="">We are talking here about S/MIME…</div><div class=""><br class=""></div><div class="">So, yes, this is apples and oranges...<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 26 Oct 2022, at 09:13, Tim Hollebeek <<a href="mailto:tim.hollebeek@digicert.com" class="">tim.hollebeek@digicert.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta charset="UTF-8" class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">It’s really apples and oranges, but if people want parity, I’d point out that the TLS IV validation has not changed in something like seven years, and were not particularly state of the art at that time. There’s a lot of great work on identity vetting that has been done in the meantime, especially in Europe.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">If people want to work on updating TLS IV vetting to be more in line with recent standards, that would be a reasonable topic to discuss.<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">-Tim<o:p class=""></o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="border-style: none none none solid; border-left-width: 1.5pt; border-left-color: blue; padding: 0in 0in 0in 4pt;" class=""><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="Apple-converted-space"> </span>Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public-bounces@cabforum.org</a>><span class="Apple-converted-space"> </span><b class="">On Behalf Of<span class="Apple-converted-space"> </span></b>Pedro FUENTES via Smcwg-public<br class=""><b class="">Sent:</b><span class="Apple-converted-space"> </span>Tuesday, October 25, 2022 10:58 AM<br class=""><b class="">To:</b><span class="Apple-converted-space"> </span>Adriano Santoni <<a href="mailto:adriano.santoni@staff.aruba.it" style="color: blue; text-decoration: underline;" class="">adriano.santoni@staff.aruba.it</a>>; SMIME Certificate Working Group <<a href="mailto:smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public@cabforum.org</a>><br class=""><b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [Smcwg-public] [EXTERNAL]-Re: Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”<o:p class=""></o:p></div></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">I share the exact same thoughts on the parallelism in identity validation requirements with for the TLS certificates.<o:p class=""></o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">But this discussion is futile once the voting has just started.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">BR/P<o:p class=""></o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><br class=""><br class=""><o:p class=""></o:p></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">On 25 Oct 2022, at 16:54, Adriano Santoni via Smcwg-public <<a href="mailto:smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class="">smcwg-public@cabforum.org</a>> wrote:<o:p class=""></o:p></div></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt;" class="">Stephen,</span><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt;" class="">I regret not having participated in the discussion on this issue at the time, and I apologize again for raising this issue only now.<span class="apple-converted-space"> </span></span><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt;" class="">However, I remain of the opinion that the "real time" requirement is an exaggeration for S/MIME certificates (while it is undoubtedly appropriate for eIDAS qualified signature certificates).<span class="apple-converted-space"> </span></span><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt;" class="">Neither Mozilla nor Microsoft require ETSI audits on S/MIME certificates to be based on an NCP type policy: both browser vendors accept the LCP policy, as can be seen from their respective root store program websites. If I am mistaken, please Ben and Karina correct me.</span><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt;" class="">However, if the other CAs reading us here (and especially those that issue IV S/MIME certificates) believe that §<span class="fontstyle0">3.2.4.2</span><span class="apple-converted-space"> </span>is fine AS IS, it is important to realize that it clashes with some (many?) of their current procedures. From the moment these BRs are enacted and referred to by at least one root store policy, those CA's procedures immediately become non-compliant. If everyone realizes this and is okay with it, then it's fine to me too; otherwise let's talk about it.</span><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">I want to point out that I am not questioning the value of "real time" from a security point of view, but I don't understand why an IV S/MIME cert should be more secure than an IV SSL cert (for which no "real time" is required for the scan of a photo id). Both are issued to natural persons and should be equally secure, at least. Indeed, an IV SSL cert should in my opinion be more secure than an IV S/MIME cert, given that its possible insecurity impacts on many more subjects.<o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">I am saying this only as a matter of logic, not because it is "a priori" necessary that the SSL BR and the S/MIME BR are aligned.<o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">On top of that, I think we all agree that the S/MIME BR should reflect current procedures, at least for the "legacy" generation; how about requiring "real time" for the "strict" generation?<o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">Adriano<o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; caret-color: rgb(0, 0, 0); font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""> </o:p></span></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">Il 25/10/2022 15:38, Stephen Davidson ha scritto:<o:p class=""></o:p></span></div></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt; font-variant-caps: normal; text-align: start; -webkit-text-stroke-width: 0px; word-spacing: 0px;" class=""><div align="center" class=""><table class="MsoNormalTable" border="1" cellpadding="0" width="30%" style="width: 242.328125px;"><tbody class=""><tr class=""><td valign="top" style="background-color: yellow; padding: 1pt;" class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="color: red;" class="">NOTICE:</span><span class="apple-converted-space"><span style="" class=""> </span></span><span style="" class="">Pay attention - external email - Sender is<span class="apple-converted-space"> </span><a href="mailto:Stephen.Davidson@digicert.com" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">Stephen.Davidson@digicert.com</span></a></span><o:p class=""></o:p></div></td></tr></tbody></table></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; text-align: center;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><o:p class=""> </o:p></span></div><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">Hello Adriano:<o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">This text has been in the draft S/MIME BR for close to 10 months and has been reviewed at some length.<o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">Certificate Consumers stated that information included in the Subject DN needs to be reliably validated, and that a link needs to be made between the Subject and the cert, whether the Subject is a legal entity or a real natural person.<o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">The requirement in question was derived from ETSI TS 119 461, which defines baseline procedures aimed at delivering at the NCP (Normalized Certificate Policy) level.<o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">The issue with some legacy practices is that separate images of the ID and a user could be harvested and presented without the Subject’s knowledge. By requiring their linked collection, the standard seeks to improve security in the remote vetting methods.<o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">Best, Stephen<o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;"> <o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;"> <o:p class=""></o:p></p><div class=""><div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(225, 225, 225); padding: 3pt 0in 0in;" class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">From:</b><span class="apple-converted-space"> </span>Smcwg-public<span class="apple-converted-space"> </span><a href="mailto:smcwg-public-bounces@cabforum.org" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class=""><smcwg-public-bounces@cabforum.org></span></a><span class="apple-converted-space"> </span><b class="">On Behalf Of</b><span class="apple-converted-space"> </span>Adriano Santoni via Smcwg-public<br class=""><b class="">Sent:</b><span class="apple-converted-space"> </span>Monday, October 24, 2022 5:34 PM<br class=""><b class="">To:</b><span class="apple-converted-space"> </span><a href="mailto:smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">smcwg-public@cabforum.org</span></a><br class=""><b class="">Subject:</b><span class="apple-converted-space"> </span>Re: [Smcwg-public] [External Sender] Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”<o:p class=""></o:p></div></div></div></div><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;"> <o:p class=""></o:p></p><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">All,<o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">I apologize for raising doubts at the very "last minute", but since the SMC BR are about to be put to the vote, I wanted to give them a complete re-reading and I noticed a passage that leaves me a little perplexed.<o:p class=""></o:p></span></div><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">Maybe this aspect was discussed at length, but then I missed that discussion - sorry about that (in case).<o:p class=""></o:p></p><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">Under "<span class="fontstyle0">3.2.4.2 Validation of individual identity</span>" we have the following sentence:<o:p class=""></o:p></span></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;"><span class="fontstyle0">The CA or RA MAY use manual (in person) or remote procedures. A remote process SHALL ensure that the Applicant has the document in hand and presents the document</span><span class="apple-converted-space"> </span><span class="fontstyle0"><i class="">in real‐time</i></span><span class="apple-converted-space"> </span><span class="fontstyle0">in front of a camera.</span><o:p class=""></o:p></p></blockquote><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">Where did we borrow "in real-time" from? Not from the TLS BR nor from EVGL, it seems.<span class="apple-converted-space"> </span><o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">What's the rationale for that? It seems too demanding, to me, for S/MIME certificates.<o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">Several CAs that I am aware of are doing individual identity verification (for S/MIME certificates) based on a Photo ID and a selfie (showing both the Applicant and his/her Photo ID), and this latter is not required to be taken in "real time".<o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">I am therefore a bit surprised that all the people here agree on this "in real time" which implies the non-compliance of current procedures and the need to move to more complex and more expensive procedures. Seems a bit excessive for S/MIME certificates.<o:p class=""></o:p></span></div><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">Adriano<span class="apple-converted-space"> </span><o:p class=""></o:p></p><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""> <o:p class=""></o:p></span></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""> <o:p class=""></o:p></span></div><div class=""><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;">Il 14/10/2022 20:12, Stephen Davidson via Smcwg-public ha scritto:<o:p class=""></o:p></p></div><blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class=""><div align="center" class=""><table class="MsoNormalTable" border="1" cellspacing="3" cellpadding="0" width="30%" style="width: 185.15625px;"><tbody class=""><tr class=""><td valign="top" style="background-color: yellow; padding: 1pt;" class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="color: red;" class="">NOTICE:</span><span class="apple-converted-space"><span style="" class=""> </span></span><span style="" class="">Pay attention - external email - Sender is<span class="apple-converted-space"> </span><a href="mailto:01000183d7b27b10-4ccf8875-64fd-49e8-817e-0df9fe3a5117-000000@amazonses.com" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">01000183d7b27b10-4ccf8875-64fd-49e8-817e-0df9fe3a5117-000000@amazonses.com</span></a></span><o:p class=""></o:p></div></div></td></tr></tbody></table></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; text-align: center;" class=""> <o:p class=""></o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”</b><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""> </b><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><i class="">Note: the voting period for this ballot will commence following the SMCWG session at the upcoming CA/B Forum face-to-face Meeting 57.</i><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""> </b><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">Purpose of Ballot:</b><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">The S/MIME Certificate Working Group was chartered to discuss, adopt, and maintain policies, frameworks, and standards for the issuance and management of Publicly-Trusted S/MIME Certificates. This ballot adopts a new “S/MIME Baseline Requirements” that includes requirements for verification of control over email addresses, identity validation for natural persons and legal entities, key management and certificate lifecycle, certificate profiles for S/MIME Certificates and Issuing CA Certificates, as well as CA operational and audit practices.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">An S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the subjectAltName extension in the Certificate.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">The following motion has been proposed by Stephen Davidson of DigiCert and endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">In accordance with the By-Laws, the discussion period has been extended with the distribution of this new version of the ballot, incorporating content that arose during the discussion period including regarding the use of suspension and updating ETSI references in section 8.2.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">Charter Voting References</b><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Section 5.1 (“Voting Structure”) of the SMCWG Charter says:<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">In order for a ballot to be adopted by the SMCWG, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three (3) SMCWG Meetings or Teleconferences (not counting subcommittee meetings thereof).<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">— MOTION BEGINS —</b><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">This ballot adopts the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”) as Version 1.0.0.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">The proposed S/MIME Baseline Requirements may be found at<span class="apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_pull_178_files&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=eAcAJg7itXZRmAlXshymUW0TZ5HnBHQtF21zSfT5h5s&m=KBuQclN2SfCC3W6zMNTTIglSP40byG_PyLDtfvXMTEI&s=D4Ei6uOHfylvVIZob5ReF9tbDCiD5Q2wPfcBpxXpld8&e=" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">https://github.com/cabforum/smime/pull/178/files</span></a><span class="apple-converted-space"> </span>or the attached document. A redline of changes since the SMC01 Ballot discussion started may be found at<span class="apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_cabforum_smime_compare_28c0b904fe54f1c5f6c71d18c4786a3e02c76f52...b1ff7867dc85392e4c57b1993ed571e61e34dee2&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=eAcAJg7itXZRmAlXshymUW0TZ5HnBHQtF21zSfT5h5s&m=KBuQclN2SfCC3W6zMNTTIglSP40byG_PyLDtfvXMTEI&s=8zE9nYGBsHvMQVu-aEBAmkfCG0cOMKbqXm-t7Iu7j34&e=" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">https://github.com/cabforum/smime/compare/28c0b904fe54f1c5f6c71d18c4786a3e02c76f52...b1ff7867dc85392e4c57b1993ed571e61e34dee2</span></a><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">The SMCWG Chair or Vice-Chair is permitted to update the Relevant Dates and Version Number of the S/MIME Baseline Requirements to reflect final dates.<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class="">— MOTION ENDS —</b><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">This ballot proposes a Final Guideline. The procedure for approval of this ballot is as follows:<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Discussion (7+ days)<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Start Time: 14 October 2022 14:00 ET (US Eastern)<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">End Time: not before 21 October 2022 14:00 ET (US Eastern)<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Vote for approval (7 days)<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">Start Time: To be confirmed<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">End Time: To be confirmed<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class="">IPR Review (60 days)<o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""> <o:p class=""></o:p></div></div><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;"> <o:p class=""></o:p></p><p class="MsoNormal" style="margin: 0in 0in 8pt; font-size: 11pt; font-family: Calibri, sans-serif; line-height: 11.55pt;"> <o:p class=""></o:p></p><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><br class=""><br class=""><br class=""><o:p class=""></o:p></div></div><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New";" class="">_______________________________________________<o:p class=""></o:p></pre><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New";" class="">Smcwg-public mailing list<o:p class=""></o:p></pre><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><a href="mailto:Smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">Smcwg-public@cabforum.org</span></a><o:p class=""></o:p></pre><pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: "Courier New";" class=""><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=eAcAJg7itXZRmAlXshymUW0TZ5HnBHQtF21zSfT5h5s&m=KBuQclN2SfCC3W6zMNTTIglSP40byG_PyLDtfvXMTEI&s=50Sc78MatgGNY_CDsR9dWLCtAtURsPptE5R-uICDIiA&e=" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(5, 99, 193);" class="">https://lists.cabforum.org/mailman/listinfo/smcwg-public</span></a><o:p class=""></o:p></pre></blockquote></blockquote><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class="">_______________________________________________<br class="">Smcwg-public mailing list<br class=""></span><a href="mailto:Smcwg-public@cabforum.org" style="color: blue; text-decoration: underline;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif; color: rgb(5, 99, 193);" class="">Smcwg-public@cabforum.org</span></a><span style="font-size: 9pt; font-family: Helvetica, sans-serif;" class=""><br class=""></span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=18G_plWPAeJu5QRlrkP0W1yv8Gr8jI4iylgOxeXnCo8&s=SWfQR2dc-tyhruDnioj37UW1IeiZOGDXW2S9EYiHy4g&e=" style="color: blue; text-decoration: underline;" class=""><span style="font-size: 9pt; font-family: Helvetica, sans-serif; color: rgb(5, 99, 193);" class="">https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.cabforum.org_mailman_listinfo_smcwg-2Dpublic&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=-bX5hBm1IdRDykQ-dBR8tsFRCM4v1VXUyG7RZa2WqPY&m=18G_plWPAeJu5QRlrkP0W1yv8Gr8jI4iylgOxeXnCo8&s=SWfQR2dc-tyhruDnioj37UW1IeiZOGDXW2S9EYiHy4g&e=</span></a><o:p class=""></o:p></div></div></blockquote></div><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-size: 8.5pt; color: rgb(246, 36, 0);" class=""><br class="">WISeKey SA</span></b><o:p class=""></o:p></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-size: 8.5pt;" class="">Pedro Fuentes<br class=""></span></b><span style="font-size: 8.5pt;" class="">CSO - Trust Services Manager</span><span style="font-size: 9pt;" class=""><br class=""></span><span style="font-size: 7.5pt;" class="">Office: + 41 (0) 22 594 30 00<br class="">Mobile: + 41 (0) </span><span style="font-size: 10pt;" class="">791 274 790</span><span style="" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 7.5pt;" class="">Address: </span><span style="font-size: 7.5pt;" class="">Avenue Louis-Casaï 58 | </span><span style="font-size: 10pt;" class="">1216 Cointrin | Switzerland</span><o:p class=""></o:p></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-size: 9pt;" class="">Stay connected with <a href="http://www.wisekey.com/" style="color: blue; text-decoration: underline;" class=""><span style="color: rgb(246, 36, 0);" class="">WISeKey</span></a><br class=""></span></b><span style="font-size: 7.5pt; color: darkgray;" class=""><br class=""><br class=""></span><o:p class=""></o:p></div></div><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-size: 7.5pt; color: rgb(120, 166, 0);" class="">THIS IS A TRUSTED MAIL</span></b><span style="font-size: 7.5pt; color: rgb(120, 166, 0);" class="">: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks</span><span style="font-size: 9pt;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 7pt; color: darkgray;" class=""><br class=""><br class=""></span><span style="font-size: 9pt;" class=""><o:p class=""></o:p></span></div></div><div class=""><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-size: 7pt; color: darkgray;" class="">CONFIDENTIALITY: </span></b><span style="font-size: 7pt; color: darkgray;" class="">This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender</span><span style="font-size: 9pt;" class=""><o:p class=""></o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 9pt;" class=""><o:p class=""> </o:p></span></div></div><div class=""><div style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span style="font-size: 7pt; color: darkgray;" class="">DISCLAIMER: </span></b><span style="font-size: 7pt; color: darkgray;" class="">WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.</span></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></blockquote></div><br class=""><div class="">
<meta charset="UTF-8" class=""><div dir="auto" style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="text-align: start; text-indent: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><font class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;"><b class=""><font color="#f62400" class="" style="font-size: 11px;"><br class="Apple-interchange-newline">WISeKey SA<br class=""></font></b></font><div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font class="" style="color: rgb(0, 0, 0); font-size: 12px; font-weight: normal; font-style: normal;"><span class="" style="font-size: 11px;"><b class="">Pedro Fuentes<br class=""></b>CSO - Trust Services Manager</span><br class=""><font size="1" class="">Office: + 41 (0) 22 594 30 00<br class="">Mobile: + 41 (0) </font></font><span style="color: rgb(0, 0, 0); font-size: x-small; font-weight: normal; font-style: normal;" class="">791 274 790</span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"><font size="1" class="">Address: </font></font><font size="1" class="">Avenue Louis-Casaï 58 | </font><span style="font-size: x-small;" class="">1216 Cointrin | Switzerland</span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal; text-align: start; text-indent: 0px;"><font class=""><font size="1" class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"><b class="">Stay connected with <a href="http://www.wisekey.com" class=""><font color="#f62400" class="">WISeKey</font></a><br class=""></b></font></font><span class="" style="caret-color: rgb(0, 0, 0); color: rgb(169, 169, 169); font-size: 10px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; orphans: 2; widows: 2;"><br class=""></span></div><div class="" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-weight: normal; line-height: normal; text-align: start; text-indent: 0px;"><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2;"><font size="1" color="#78a600" class=""><b class="">THIS IS A TRUSTED MAIL</b>: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks</font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><span class="" style="orphans: 2; widows: 2; font-size: 9px;"><font color="#a9a9a9" class=""><br class=""></font></span></div><div class="" style="font-variant-ligatures: normal; font-variant-position: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; line-height: normal;"><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">CONFIDENTIALITY: </b>This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender</font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><br class=""></font></div><div class="" style="orphans: 2; widows: 2;"><font color="#a9a9a9" class="" style="font-size: 9px;"><b class="">DISCLAIMER: </b>WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.</font></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br class=""></div></body></html>