<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Calibri",sans-serif;
color:black;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri",sans-serif;
color:black;
font-weight:bold;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Calibri",sans-serif;
color:black;
font-weight:bold;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<h2><a name="_Hlk116919592">Minutes of SMCWG<o:p></o:p></a></h2>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">February 1, 2023<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">These are the </span>
<span style="mso-bookmark:_Hlk116919592"><span style="color:windowtext">Approved</span> Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">Attendees <o:p></o:p></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592"><span style="font-size:11.0pt;font-weight:normal">Adrian Mueller - (SwissSign), Andrea Holland - (SecureTrust), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Chad Ehlers - (IdenTrust),
Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dave Chin - (CPA Canada/WebTrust), Dimitris Zacharopoulos - (HARICA), Don Sheehy - (CPA Canada/WebTrust), Enrico Entschew - (D-TRUST), Eva Vansteenberge - (GlobalSign), Hazhar Ismail - (MSC Trustgate Sdn
Bhd), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Judith Spencer - (CertiPath), Marco Schambach - (IdenTrust), Martijn Katerbarg - (Sectigo), Matthias Wiedenhorst - (ACAB Council), Nome Huang - (TrustAsia Technologies, Inc.), Paul van Brouwershaven
- (Entrust), Pedro Fuentes - (OISTE Foundation), Pekka Lahtiharju - (Telia Company), Rebecca Kelley - (Apple), Renne Rodriguez - (Apple), Rollin Yu - (TrustAsia Technologies, Inc.), Russ Housley - (Vigil Security LLC), Stefan Selbitschka - (rundQuadrat), Stephen
Davidson - (DigiCert), Taavi Eomäe - (Zone Media), Tadahiko Ito - (SECOM Trust Systems), Tim Crawford - (CPA Canada/WebTrust), Tim Hollebeek - (DigiCert)<o:p></o:p></span></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592">1. Roll Call<o:p></o:p></span></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk116919592">The Roll Call was taken.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">2. Read Antitrust Statement<o:p></o:p></span></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk116919592">The Antitrust/Compliance Statement was read.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">3. Review Agenda<o:p></o:p></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592">4. Approval of minutes from last teleconference<o:p></o:p></span></h3>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">The minutes of the January 18 teleconferences were approved.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">5. Discussion <o:p></o:p></span></h3>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen Davidson noted that representatives were on the call from TrustAsia, who had not previously joined the WG. There was some confusion regarding lists on the wiki and membership tool. It was
agreed that the TrustAsia representatives would leave the call and that the various membership lists would be checked. Stephen thanked the TrustAsia representatives for their cooperation.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">The email verification procedures of Section 1.3.2.1 were discussed, following a question submitted by Christophe Bonjean. He noted that the text for Organization-validated or sponsor-validated
profiles indicate the use of Section 3.2.2.1 (domain based) or Section 3.2.2.3 (operator of server). The text for the Mailbox-validated profiles describes Section 3.2.2.2 (email challenge).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Christophe asked if this prohibited Enterprise RAs from issuing mailbox-validated profiles on the basis of domain validation (3.2.2.1) or as operator of server (3.2.2.3). Stephen said that Mailbox-validated
profiles could be issued using those methods if the domains belonged to the ERA.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Christophe asked if ERA could S</span><span style="mso-bookmark:_Hlk116919592"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">ponsor-validated certificates based on email challenges
(3.2.2.2). Stephen said only if the </span>Section 3.2.2.1 or 3.2.2.3 procedures had also been carried out.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Bruce Morton asked why the mention of Mailbox-validated was even in the section as the verification was the responsibility of the CA. Stephen commented that the section was there to affirm that
an Enterprise RA could issue certs for internal users as well as external users (with the Mailbox-validated profile).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Ben Wilson suggested adding text to describe issuance to internal vs external users. Stephen agreed to propose improvements to the text for consideration in a later Errata ballot. Eva Vansteenberge
commented that the clarification might reside better in Section 3.2.3.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">The WG discussed a question posed by Adrian Müller whether existing CAs can be used to issue leafs that are compliant with the SBR, or if the expectation was that new CAs should be required. Stephen
asked if Certificate Consumers had any feedback. Stephen said that his interpretation was that an existing CA could be used if it met the requirements of Section 7.1.2.2. Adrian pointed out that the section requires certificatePolicies to be in the CA.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Bruce said that CAs issued after the effective date must be fully compliant – but some Certificate Issuers would wish to use pre-existing CAs from before the effective date. Corey Bonnell pointed
out that existing CAs could be reissued to include the SBR certificatePolicies OIDs or anyPolicy. This was supported by Dimitris Zacharopoulos. Stephen asked if Certificate Consumers had any objection; no objection was raised.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><br>
Stephen noted that out the next meeting would seek to set an agenda for the Ottawa meeting. He also noted that we’d provide more information on the ETSI audit criteria in that next meeting.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<h3 style="mso-margin-top-alt:1.0pt;margin-right:0in;margin-bottom:1.0pt;margin-left:0in">
<span style="mso-bookmark:_Hlk116919592">6. Any Other Business<o:p></o:p></span></h3>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">None<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">7. Next call<o:p></o:p></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592"><span style="font-size:11.0pt;font-weight:normal">Next call: tentative Wednesday, February 15, 2023 at 11:00 am Eastern Time<o:p></o:p></span></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592"><span lang="DE">Adjourned</span></span><span style="mso-bookmark:_Hlk116919592"></span><o:p></o:p></h3>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
</div>
</body>
</html>