<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><font face="Calibri">For me it's fine to start inserting the
        eIDAS scheme.</font></p>
    <p><font face="Calibri">I understand Judith Spencer's concerns,
        however it is clear that here we are working in an "additive"
        way, so nothing prevents further schemes from being introduced
        later, as soon as there is consensus. Even now, if we are aware
        of at least one other non-European scheme (e.g. Asian, American,
        etc.) which guarantees a reliability more or less comparable
        with that of eIDAS as to the identification of individual
        applicants, I wouldn't see any problem in including that as
        well. First, perhaps, it would be good to share sufficient
        information on this other possible scheme, and perhaps see some
        examples of certificates issued under it, to be able to judge
        its presumed equivalence.<br>
      </font></p>
    <p><font face="Calibri">Furthermore, I think it would make sense to
        also accept a digital signature made with an S/MIME IV
        certificate, because evidently this would be a sufficiently
        reliable way of individual identification; in practice, in order
        to obtain a new S/MIME IV certificate, e.g. for renewal
        purposes, or perhaps for a different email address, I think the
        CA should be able to accept a signature made with an S/MIME IV
        certificate already in the applicant's possession, compliant
        with the SMBRs, not expired and not revoked. To this end, I
        would say that a signed S/MIME message could be fine... what do
        you (all) think?</font></p>
    <p><font face="Calibri">Adriano</font></p>
    <p><font face="Calibri"><br>
      </font></p>
    <div class="moz-cite-prefix">Il 25/04/2024 02:06, Stephen Davidson
      via Smcwg-public ha scritto:<br>
    </div>
    <blockquote type="cite"
cite="mid:0100018f1292ed72-fe55a679-1082-4cb9-b37a-655a57130dc0-000000@email.amazonses.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <meta name="Generator"
        content="Microsoft Word 15 (filtered medium)">
      <style>@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
        {font-family:Aptos;}p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Aptos",sans-serif;
        mso-ligatures:standardcontextual;}a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#467886;
        text-decoration:underline;}span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Aptos",sans-serif;
        color:windowtext;}.MsoChpDefault
        {mso-style-type:export-only;
        font-size:11.0pt;
        font-family:"Aptos",sans-serif;}div.WordSection1
        {page:WordSection1;}</style>
      <!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <title></title>
      <div align="center">
        <table width="30%" cellspacing="2" cellpadding="2" border="1">
          <tbody>
            <tr>
              <td valign="top" bgcolor="#ffff00"> <span
                  style="color: red;">NOTICE:</span> Pay attention -
                external email - Sender is
<a class="moz-txt-link-abbreviated" href="mailto:0100018f1292ed72-fe55a679-1082-4cb9-b37a-655a57130dc0-000000@amazonses.com">0100018f1292ed72-fe55a679-1082-4cb9-b37a-655a57130dc0-000000@amazonses.com</a>
              </td>
            </tr>
          </tbody>
        </table>
        <br>
      </div>
      <br>
      <div class="WordSection1">
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Hello all:<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">As discussed today, here is draft language
          for
          consideration to allow CAs to rely upon signatures created
          with
          eIDAS Qualified certificates as evidence supporting validation
          of
          individual identity.<br>
          <br>
          <o:p></o:p></p>
        <p class="MsoNormal"><a
href="https://github.com/srdavidson/QES-SMIME-BR/blob/master/QES-proposal.md"
            moz-do-not-send="true" class="moz-txt-link-freetext">
https://github.com/srdavidson/QES-SMIME-BR/blob/master/QES-proposal.md</a><o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">I’d be grateful for feedback on this
          language.<o:p></o:p></p>
        <p class="MsoNormal">Best, Stephen<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
      </div>
      <br>
      <fieldset class="moz-mime-attachment-header"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Smcwg-public mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Smcwg-public@cabforum.org">Smcwg-public@cabforum.org</a>
<a class="moz-txt-link-freetext" href="https://lists.cabforum.org/mailman/listinfo/smcwg-public">https://lists.cabforum.org/mailman/listinfo/smcwg-public</a>
</pre>
    </blockquote>
  </body>
</html>