<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Calibri",sans-serif;
color:black;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Calibri",sans-serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri",sans-serif;
color:black;
mso-ligatures:none;
font-weight:bold;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Calibri",sans-serif;
color:black;
mso-ligatures:none;
font-weight:bold;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<h2><a name="_Hlk116919592">Minutes of SMCWG<o:p></o:p></a></h2>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">July 19, 2023<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">These are the </span>
<span style="mso-bookmark:_Hlk116919592"><span style="color:windowtext">Approved</span> Minutes of the Teleconference described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">Attendees <o:p></o:p></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592"><span style="font-size:11.0pt;font-weight:normal">Adrian Mueller - (SwissSign), Andreas Henschel - (D-TRUST), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bruce Morton - (Entrust), Chad Ehlers - (IdenTrust),
Clint Wilson - (Apple), Corey Bonnell - (DigiCert), Dimitris Zacharopoulos - (HARICA), Don Sheehy - (CPA Canada/WebTrust), Eva Vansteenberge - (GlobalSign), Inaba Atsushi - (GlobalSign), Inigo Barreira - (Sectigo), Judith Spencer - (CertiPath), Li-Chun Chen
- (Chunghwa Telecom), Marco Schambach - (IdenTrust), Morad Abou Nasser - (TeleTrust), Mrugesh Chandarana - (IdenTrust), Nome Huang - (TrustAsia Technologies, Inc.), Pedro Fuentes - (OISTE Foundation), Renne Rodriguez - (Apple), Rollin Yu - (TrustAsia Technologies,
Inc.), Scott Rea - (eMudhra), Stephen Davidson - (DigiCert), Tadahiko Ito - (SECOM Trust Systems), Tim Crawford - (CPA Canada/WebTrust), Tim Hollebeek - (DigiCert), Wendy Brown - (US Federal PKI Management Authority)<o:p></o:p></span></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592">1. Roll Call<o:p></o:p></span></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk116919592">The Roll Call was taken.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">2. Read Antitrust Statement<o:p></o:p></span></h3>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk116919592">The statement was read concerning the antitrust policy, code of conduct, and intellectual property rights agreement.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">3. Review Agenda<o:p></o:p></span></h3>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Minutes were prepared by Stephen Davidson.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">4. Approval of minutes from last teleconference<o:p></o:p></span></h3>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">The minutes were approved from the following SMCWG meetings: June 21.<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">5. Discussion <o:p></o:p></span></h3>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen Davidson noted that the minutes from the F2F were still outstanding.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen noted that Ballot SMC03 passed and was now in IPR, scheduled to conclude on August 11. Bruce Morton said that full redlines (as opposed to the github diff) would be helpful.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen opened the floor for discussion of issues that may have arisen during implementation of the SBR.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Dimitris Zacharopoulos asked for confirmation that existing CAs that used anyPolicy (and are otherwise compliant) could be used going forward. Stephen confirmed and said that updates would only be
required when explicit CP OIDs were used.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Tim Hollebeek requested that the CABF host a high level discussion on the use of anyPolicy versus explicit CP OIDs in CAs. Dimitris said that policy chaining was desirable, and that such a discussion
would be useful particularly given the move towards dedicate “use case” hierarchies.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen noted that questions had arisen relating to finding phone numbers, which may not always be provided in government data sources. He said he believed that the existing text allowed the use
of “QIIS” type resources for phone numbers but that this may be an area that the WG may wish to improve. Bruce and Tim supported this. Stephen noted that even the phone book would be a QIIS. Tim asked if any Cert Consumers had issues with this: no issues
were raised.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Ben Wilson noted that Mozilla had distributed guidance points on the lists and at
</span><a href="https://url.avanan.click/v2/___https:/wiki.mozilla.org/CA/Transition_SMIME_BRs___.YXAzOmRpZ2ljZXJ0OmE6bzpkNjY1YmQwMjRjNjJhMzM0YzI5YjJhN2YzNjc1NjNiZjo2OmQ5YjM6YzY1Yjc1NTRkYmUwMDE5YTk2MzMzMjU5NWYyNDZlNzM4YzA0ZGZiMDkyYWZjYjg5NGIwYTNjNDg5NWFmOTRlMDpoOkY" title="Protected by Avanan: https://wiki.mozilla.org/CA/Transition_SMIME_BRs"><span style="mso-bookmark:_Hlk116919592">https://wiki.mozilla.org/CA/Transition_SMIME_BRs</span><span style="mso-bookmark:_Hlk116919592"></span></a><span style="mso-bookmark:_Hlk116919592">.
This includes some guardrails for the acceptable reissuance of Issuing CAs.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen asked if Certificate Issuers were having issues with finding organizationIdentifiers for Orgs. None were raised. He noted that the SBR text included the prefix “GOV” which at the time of
writing was in a draft being discussed at ETSI for 319 412-1 but appears to not have moved ahead.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Tim provided an update on the CAA RFC at the IETF. It has cleared final call and the expert review phases in the IETF process, so will become an operation RFC once it clears the final edit. Stephen
said that CAA is targeted for discussion in the SMCWG this autumn, with a lengthy implementation window.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><br>
Stephen commented that ETSI TS 119 411-6 (overlaying the SBR on ETSI requirements) was going through remote consensus and was expected to become final around the time of the SBRv1. In the meantime, the text in SMC03 is adequate for Certificate Issuers who
use ETSI audits.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen asked if any Certificate Issuers would be interested in working on a ballot to include a signature scheme (such as eIDAS) as a vetting option. See
</span><a href="https://url.avanan.click/v2/___https:/github.com/cabforum/smime/blob/main/SBR.md%233241-attribute-collection-of-individual-identity___.YXAzOmRpZ2ljZXJ0OmE6bzpkNjY1YmQwMjRjNjJhMzM0YzI5YjJhN2YzNjc1NjNiZjo2OjhlMzU6N2Y4MGIwMmVmNThlOWUyNWJlMWI4ODgwMDU2NDI2MDUwNWEyMjMyY2E3NjIyOGYxNzY5ZTFmMTJiZTU1YTVkNTpoOkY" title="Protected by Avanan: https://github.com/cabforum/smime/blob/main/SBR.md#3241-attribute-collection-of-individual-identity"><span style="mso-bookmark:_Hlk116919592">https://github.com/cabforum/smime/blob/main/SBR.md#3241-attribute-collection-of-individual-identity</span><span style="mso-bookmark:_Hlk116919592"></span></a><span style="mso-bookmark:_Hlk116919592">
item 4.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">Stephen encouraged members to use the issues list on GitHub at
</span><a href="https://url.avanan.click/v2/___https:/github.com/cabforum/smime/issues___.YXAzOmRpZ2ljZXJ0OmE6bzpkNjY1YmQwMjRjNjJhMzM0YzI5YjJhN2YzNjc1NjNiZjo2OmQzYTg6ZGM0Mjc2M2NiOTI4OTViOTYwNjI0ODkzODg1MzQwNTc4YzE3NzBjNjVlMDdhNmY5MTg5MDViMWIyODRkMmUxZjpoOkY" title="Protected by Avanan: https://github.com/cabforum/smime/issues"><span style="mso-bookmark:_Hlk116919592">https://github.com/cabforum/smime/issues</span><span style="mso-bookmark:_Hlk116919592"></span></a><span style="mso-bookmark:_Hlk116919592">.
Pedro Fuentes asked if the group could do a routine review of those issues in a call.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<h3 style="mso-margin-top-alt:1.0pt;margin-right:0in;margin-bottom:1.0pt;margin-left:0in">
<span style="mso-bookmark:_Hlk116919592">6. Any Other Business<o:p></o:p></span></h3>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk116919592">None<o:p></o:p></span></p>
<h3><span style="mso-bookmark:_Hlk116919592">7. Next call<o:p></o:p></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592"><span style="font-size:11.0pt;font-weight:normal">Next call: tentative Wednesday, August 2, 2023 at 11:00 am Eastern Time<o:p></o:p></span></span></h3>
<h3><span style="mso-bookmark:_Hlk116919592"><span lang="DE">Adjourned</span></span><span style="mso-bookmark:_Hlk116919592"></span><o:p></o:p></h3>
<p class="MsoNormal"><span style="color:windowtext"><o:p> </o:p></span></p>
</div>
</body>
</html>