<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>Hi Bruce – that’s correct. I was linking to the current SBR for those who aren’t familiar with it.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>We’ll soon be looking at the draft CAA text (which is a WIP at <a href="https://github.com/srdavidson/smime/blob/CAA/SBR.md">https://github.com/srdavidson/smime/blob/CAA/SBR.md</a>)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Best, Stephen<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt'>From:</span></b><span style='font-size:11.0pt'> Bruce Morton <Bruce.Morton@entrust.com> <br><b>Sent:</b> Monday, October 30, 2023 3:48 PM<br><b>To:</b> Stephen Davidson <Stephen.Davidson@digicert.com>; SMIME Certificate Working Group <smcwg-public@cabforum.org><br><b>Subject:</b> RE: Considering CAA for the S/MIME Baseline Requirements<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt'>Hi Stephen,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>I think the wrong link was provided as the link below does not show a new plan for CAA.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Thanks, Bruce.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p> </o:p></span></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt'>From:</span></b><span style='font-size:11.0pt'> Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org">smcwg-public-bounces@cabforum.org</a>> <b>On Behalf Of </b>Stephen Davidson via Smcwg-public<br><b>Sent:</b> Monday, October 30, 2023 2:28 PM<br><b>To:</b> <a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a><br><b>Subject:</b> [EXTERNAL] [Smcwg-public] Considering CAA for the S/MIME Baseline Requirements<o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal style='mso-line-height-alt:.75pt'><span style='font-size:1.0pt;color:white'>Hello: The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum proposes to add a requirement for CAs issuing publicly-trusted S/MIME certificates to implement Certificate Authority Authorization (CAA) checking. Public-trust CAs <o:p></o:p></span></p></div><div><p class=MsoNormal style='mso-line-height-alt:.75pt'><span style='font-size:1.0pt;color:white'><o:p> </o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>Hello:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum proposes to add a requirement for CAs issuing publicly-trusted S/MIME certificates to implement Certificate Authority Authorization (CAA) checking. Public-trust CAs have used CAA for some time when issuing TLS certificates, and the new <a href="https://urldefense.com/v3/__https:/www.rfc-editor.org/rfc/rfc9495.html__;!!FJ-Y8qCqXTj2!cxBboQwU7IpUNEaKjUUpJaea6MkJIm9dLTq7n_1lsnGZmwywk-cyTq4vn9KXkp5We--bzxjtfx0Y5bkcpfxPavcRU1yA$">RFC 9495</a> extends CAA with a new property tag for “issuemail”. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>The benefit is that domain holders will be able to specify CAs they authorize to issue certificates on their behalf separately for TLE and for S/MIME.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>The current plan is to allow up to 12 months for CAs to implement CAA following publication of the amending ballot to <a href="https://urldefense.com/v3/__https:/github.com/cabforum/smime/blob/main/SBR.md__;!!FJ-Y8qCqXTj2!cxBboQwU7IpUNEaKjUUpJaea6MkJIm9dLTq7n_1lsnGZmwywk-cyTq4vn9KXkp5We--bzxjtfx0Y5bkcpfxPanQGMIBF$">the S/MIME Baseline Requirements</a>. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>The SMCWG is now starting work on that amending ballot. We encourage both Certificate Issuers as well as PKI application software providers involved in issuing S/MIME certificates to become familiar with RFC 9495, and welcome feedback on the pending requirement and implementation timeframe.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>With kind regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>Stephen Davidson<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'>Chair, S/MIME Certificate Working Group</span><span style='font-size:11.0pt'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;mso-ligatures:standardcontextual'><o:p> </o:p></span></p><p class=MsoNormal><i><span style='font-size:11.0pt'>Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. <u>Please notify Entrust immediately and delete the message from your system.</u></span></i><span style='font-size:11.0pt'> <o:p></o:p></span></p></div></body></html>