<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Thanks Bruce. That section is planned to be deleted.<o:p></o:p></p><p class=MsoNormal><a href="https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b...c8b0c9ff9fa28c2c7abeb2871aaa2d60a19842ed">https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b...c8b0c9ff9fa28c2c7abeb2871aaa2d60a19842ed</a><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I can certainly move the content to 3.2.2.4 but I see that the TLS BR are considering gathering their the CAA information in 3.2.2.8 which may be confusing for CAs?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The use of 4.2 would allow consistency across the two docs.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='mso-ligatures:none'>From:</span></b><span style='mso-ligatures:none'> Bruce Morton <Bruce.Morton@entrust.com> <br><b>Sent:</b> Wednesday, December 6, 2023 9:09 PM<br><b>To:</b> Stephen Davidson <Stephen.Davidson@digicert.com>; SMIME Certificate Working Group <smcwg-public@cabforum.org><br><b>Subject:</b> RE: CAA for S/MIME<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I think we need to fix this section:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-left:.5in'>3.2.2.4 CAA records<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in'>This version of the S/MIME Baseline Requirements does not require the CA to check for CAA records. The CAA property tags for `issue`, `issuewild`, and `iodef` as specified in [RFC 8659](<a href="https://datatracker.ietf.org/doc/html/rfc8659">https://datatracker.ietf.org/doc/html/rfc8659</a>) are not recognized for the issuance of S/MIME Certificates.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I would really like to add all CAA requirements to section 3.2.2.4, since it is called CAA records. This would be in line with this TLS BR comment <a href="https://github.com/cabforum/servercert/issues/466">https://github.com/cabforum/servercert/issues/466</a>.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Thanks, Bruce.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='mso-ligatures:none'>From:</span></b><span style='mso-ligatures:none'> Smcwg-public <<a href="mailto:smcwg-public-bounces@cabforum.org">smcwg-public-bounces@cabforum.org</a>> <b>On Behalf Of </b>Stephen Davidson via Smcwg-public<br><b>Sent:</b> Wednesday, December 6, 2023 1:00 PM<br><b>To:</b> <a href="mailto:smcwg-public@cabforum.org">smcwg-public@cabforum.org</a><br><b>Subject:</b> [EXTERNAL] [Smcwg-public] CAA for S/MIME<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hello:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Here is an updated diff for the CAA text following our discussions today:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>-As suggested by Cade, to add the TTL/8hr reference consistent with the TLS BR.<o:p></o:p></p><p class=MsoNormal>-To add the implementation dates in 2.2 and 4.2<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='mso-ligatures:none'><a href="https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b...43228a41a5cc99a3301c4066621787cde7e0f79a">https://github.com/srdavidson/smime/compare/241e92cde85c25d7e0d4a5c70118ecadacd4d72b...43228a41a5cc99a3301c4066621787cde7e0f79a</a><o:p></o:p></span></p><p class=MsoNormal><span style='mso-ligatures:none'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-ligatures:none'>The plan will be to move this to ballot at the start of 2024, so I encourage CAs to engage with operations teams and/or software vendors on the suitability of the implementation dates.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-ligatures:none'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-ligatures:none'>Best regards, Stephen<o:p></o:p></span></p><p class=MsoNormal><span style='mso-ligatures:none'><o:p> </o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><i><span style='mso-ligatures:none'>Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. <u>Please notify Entrust immediately and delete the message from your system.</u></span></i><span style='mso-ligatures:none'> <o:p></o:p></span></p></div></body></html>