<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Thanks for sharing!</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Do you also have a list of checks that are implemented by the linter?</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">It would be great to have a document like zlint: <a href="https://docs.google.com/spreadsheets/d/1ywp0op9mkTaggigpdF2YMTubepowJ50KQBhc_b00e-Y/edit" class="ContentPasted0 OWAAutoLink" id="OWAf3a3cb87-7657-6bd7-45f8-22673871c40c">ZLint
Validation - Google Sheets</a></span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Thanks,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
Paul</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">
<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Smcwg-public <smcwg-public-bounces@cabforum.org> on behalf of Stephen Davidson via Smcwg-public <smcwg-public@cabforum.org><br>
<b>Sent:</b> Wednesday, May 3, 2023 16:11<br>
<b>To:</b> smcwg-public@cabforum.org <smcwg-public@cabforum.org><br>
<b>Subject:</b> [EXTERNAL] [Smcwg-public] DigiCert releases next generation certificate linter “pkilint” as OSS</font>
<div> </div>
</div>
<style>
<!--
@font-face
{font-family:Wingdings}
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
a:link, span.x_MsoHyperlink
{color:#0563C1;
text-decoration:underline}
p.x_MsoListParagraph, li.x_MsoListParagraph, div.x_MsoListParagraph
{margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
span.x_EmailStyle17
{font-family:"Calibri",sans-serif;
color:windowtext}
.x_MsoChpDefault
{font-family:"Calibri",sans-serif}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.x_WordSection1
{}
ol
{margin-bottom:0in}
ul
{margin-bottom:0in}
-->
</style>
<div lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">WARNING: This email originated outside of Entrust.<br>
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.<br>
<hr>
<div class="x_WordSection1">
<p class="x_MsoNormal">DigiCert is pleased to announce the release of a new certificate linter, known as pkilint, which builds on industry experience automating compliance checks for digital certificates.
</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">This first release of pkilint implements compliance testing for the recently released CA/Browser Forum S/MIME Baseline Requirements. Corey Bonnell will introduce pkilint’s S/MIME linting on the next SMCWG teleconference.</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">The pkilint linter is being provided to the community by DigiCert as Open Source Software (OSS) under the MIT License which provides wide freedom to use, distribute, and modify the software.
</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">Read more at the pkilint repository on GitHub: <a href="https://urldefense.com/v3/__https://github.com/digicert/pkilint__;!!FJ-Y8qCqXTj2!bFSWHIXDcbOEUgxpDthb1PTwfpwOV_HJci8AgWBMtoJvY4hdhMmpGQA6Z_Aotk7qjNN5gImoe3WWqKBWEwvwJnqd5yaI3jOeIRA$">
https://github.com/digicert/pkilint</a></p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"><b><span style="font-size:14.0pt">Why pkilint?</span></b></p>
<p class="x_MsoNormal">The pkilint framework can be adapted to any certificate type. It initially includes more than 145 separate tests against different specifications of the S/MIME Baseline Requirements and other important standards that apply to digital
certificate formats.</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">pkilint was developed based upon DigiCert’s experience using certificate linters in high volume environments. The pkilint framework provides several advantages over existing approaches:</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoListParagraph" style="margin-left:.75in; text-indent:-.5in"><span style="mso-list:Ignore">•<span style="font:7.0pt "Times New Roman"">
</span></span>Built on top of a proven ASN.1 parser allowing very detailed checks that detect ASN.1 encoding errors;</p>
<p class="x_MsoListParagraph" style="margin-left:.75in; text-indent:-.5in"><span style="mso-list:Ignore">•<span style="font:7.0pt "Times New Roman"">
</span></span>Architected from the ground up to support linting of many different types of PKI structures (including certificates, CRLs, OCSP responses, etc.) against different standards and trust frameworks; and</p>
<p class="x_MsoListParagraph" style="margin-left:.75in; text-indent:-.5in"><span style="mso-list:Ignore">•<span style="font:7.0pt "Times New Roman"">
</span></span>Rich validation logic analyzes every field of an ASN.1 document and determines which sets of tests to execute. This results in faster and more thorough testing, with less development time.</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal">In addition to pkilint, DigiCert recently provided an OSS tool called
<a href="https://urldefense.com/v3/__https://github.com/digicert/smbr-cert-factory__;!!FJ-Y8qCqXTj2!bFSWHIXDcbOEUgxpDthb1PTwfpwOV_HJci8AgWBMtoJvY4hdhMmpGQA6Z_Aotk7qjNN5gImoe3WWqKBWEwvwJnqd5yaIOPR2D0A$">
SMBR-Cert-Factory</a> that allows users to generate test certificates that are compliant with the different certificate profiles defined in S/MIME Baseline Requirements.
</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"><b><span style="font-size:14.0pt">Community development</span></b></p>
<p class="x_MsoNormal">The pkilint framework is easily expandable to analyze other digital certificate types and aspects of PKI, such as CRL and OCSP implementations. Additionally, DigiCert is planning to use the framework to add lints to encompass the changes
introduced by the CA/Browser Forum <a href="https://urldefense.com/v3/__https://cabforum.org/2023/03/17/ballot-sc62v2-certificate-profiles-update/__;!!FJ-Y8qCqXTj2!bFSWHIXDcbOEUgxpDthb1PTwfpwOV_HJci8AgWBMtoJvY4hdhMmpGQA6Z_Aotk7qjNN5gImoe3WWqKBWEwvwJnqd5yaIq7M0lpU$">
Ballot SC-62</a> for TLS certificate profiles. Developers who are interested in contributing to pkilint can do so on the project’s
<a href="https://urldefense.com/v3/__https://github.com/digicert/pkilint__;!!FJ-Y8qCqXTj2!bFSWHIXDcbOEUgxpDthb1PTwfpwOV_HJci8AgWBMtoJvY4hdhMmpGQA6Z_Aotk7qjNN5gImoe3WWqKBWEwvwJnqd5yaI3jOeIRA$">
GitHub page</a>.</p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"> </p>
<p class="x_MsoNormal"> </p>
</div>
</div>
<i>Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the
information it contains. <u>Please notify Entrust immediately</u> and delete the message from your system.</i>
</body>
</html>