[cabfpub] Comments on proposed S/MIME WG charter

Virginia Fournier vfournier at apple.com
Fri May 18 02:29:56 UTC 2018


Hi Tim,

Just a couple of comments on the proposed charter.

First, it doesn’t really matter what you call the working group.  You could call it the “Meatloaf WG” if you wanted to, although that’s probably not a great name.  What’s important is making sure what you want to cover is included in the scope of the charter.  So, for example, if you called a proposed WG the “Email WG,” but the charter scope said nothing about email, the WG would not be able to work on email issues.

On the other hand, you could call the working group the “Meatloaf WG,” and include S/MIME and email in the charter scope, and then the WG could work on both.  It’s all about what’s in the charter scope.

Also, you mention the “Code Signing WG” in the out of scope section.  A bit too much blatant copying?  ;-)

P.S. I’m not advocating naming WGs after food items.


Best regards,

Virginia Fournier
Senior Standards Counsel
Apple Inc.
☏ 669-227-9595
✉︎ vmf at apple.com






On May 17, 2018, at 3:49 PM, public-request at cabforum.org wrote:


Today's Topics:

  1. For Discussion: S/MIME Working Group Charter (Tim Hollebeek)
  2. Re: For Discussion: S/MIME Working Group Charter (Tim Hollebeek)


----------------------------------------------------------------------

Message: 1
Date: Thu, 17 May 2018 22:39:12 +0000
From: Tim Hollebeek <tim.hollebeek at digicert.com>
To: CA/Browser Forum Public Discussion List <public at cabforum.org>
Subject: [cabfpub] For Discussion: S/MIME Working Group Charter
Message-ID:
	<BN6PR14MB1106B50F010C3C6130E302CC83910 at BN6PR14MB1106.namprd14.prod.outlook.com>
	
Content-Type: text/plain; charset="us-ascii"





A rough first draft, based on text I blatantly stole from the Server
Certificate Working Group Charter and draft Code Signing Working Group
Charter:



S/MIME Working Group Charter (should it be the Email Working Group, so it
can cover web-based mail as well?)



Upon approval of the CAB Forum by ballot, the S/MIME Working Group ("Working
Group") is created to perform the activities as specified in this Charter,
subject to the terms and conditions of the CA/Browser Forum Bylaws and
Intellectual Property Rights (IPR) Policy, as such documents may change from
time to time. The definitions found in the Forum's Bylaws shall apply to
capitalized terms in this Charter. 



SCOPE: The authorized scope of the S/MIME Working Group shall be as follows:




1. To specify S/MIME Baseline Requirements, Extended Validation Guidelines,
Network and Certificate System Security Requirements, and other acceptable
practices for the issuance and management of code signing certificates used
to sign executables, libraries, and apps. 



2. To update such requirements and guidelines from time to time, in order to
address both existing and emerging threats, including responsibility for the
maintenance of and future amendments to the current S/MIME Baseline
Requirements, Extended Validation Requirements, and Network and Certificate
System Security Requirements. 



3. To perform such other activities that are ancillary to the primary
activities listed above. 



OUT OF SCOPE: The S/MIME Working Group will not address certificates
intended to be used primarily for client or server authentication, Code
Signing, VoIP, IM, or Web services. The Code Signing Working Group will not
address the issuance, or management of certificates by enterprises that
operate their own Public Key Infrastructure for internal purposes only, and
for which the Root Certificate is not distributed by any Application
Software Supplier. 



Anticipated End Date: None. 



Initial chairs and contacts: TBD



Members eligible to participate: The Working Group shall consist of two
classes of voting members, the Certificate Issuers and the Certificate
Consumers. The CA Class shall consist of eligible Certificate Issuers and
Root Certificate Issuers meeting the following criteria: 



(1) Certificate Issuer: The member organization operates a certification
authority that has a current and successful WebTrust for CAs audit, or ETSI
TS 102042, ETSI 101456, or ETSI EN 319 411-1 audit report prepared by a
properly-qualified auditor, and that actively issues email certificates,
such certificates being treated as valid when verified by software from a
Certificate Consumer Member. Applicants that are not actively issuing
certificates but otherwise meet membership criteria 7 may be granted
Associate Member status under Bylaw Sec. 3.1 for a period of time to be
designated by the Forum. 



(2) Root Certificate Issuer: The member organization operates a
certification authority that has a current and successful WebTrust for CAs,
or ETSI TS 102042, ETSI TS 101456, ETSI EN 319 411-1 audit report prepared
by a properly-qualified auditor, and that actively issues email certificates
to subordinate CAs that, in turn, actively issue email certificates, such
certificates being treated as valid when verified by software from a
Certificate Consumer Member. Applicants that are not actively issuing
certificates but otherwise meet membership criteria may be granted Associate
Member status under Bylaw Sec. 3.1 for a period of time to be designated by
the Forum. 



(3) A Certificate Consumer can participate in this Working Group if it
produces a software product intended for use by the general public that can
validate S/MIME signatures attached to email messages. The Working Group
shall include Interested Parties and Associate Members as defined in the
Bylaws.



Voting structure: In order for a ballot to be adopted by the Working
Group, two-thirds or more of the votes cast by the Certificate Issuers must
be in favor of the ballot and more than 50% of the votes cast by the
Certificate Consumers must be in favor of the ballot. At least one member of
each class must vote in favor of a ballot for it to be adopted. Quorum is
the average number of Member organizations (cumulative, regardless of Class)
that have participated in the previous three S/MIME Working Group Meetings
or Teleconferences (not counting subcommittee meetings thereof). If three
meetings have not yet occurred, quorum is ten (10). 



Summary of the work that the WG plans to accomplish: As specified in Scope
section above. 



Summary of major WG deliverables and guidelines: As specified in Scope
section above. 



Primary means of communication: listserv-based email, periodic calls, and
face-to-face meetings. 



IPR Policy: The CA/Browser Forum Intellectual Rights Policy, v. 1.3 or
later, SHALL apply to all Working Group activity.



[1] Email BRs?




------------------------------

Message: 2
Date: Thu, 17 May 2018 22:49:10 +0000
From: Tim Hollebeek <tim.hollebeek at digicert.com>
To: Tim Hollebeek <tim.hollebeek at digicert.com>, "CA/Browser Forum
	Public Discussion List" <public at cabforum.org>
Subject: Re: [cabfpub] For Discussion: S/MIME Working Group Charter
Message-ID:
	<BN6PR14MB1106063B28627FFB489D8E4B83910 at BN6PR14MB1106.namprd14.prod.outlook.com>
	
Content-Type: text/plain; charset="us-ascii"

Oops, missed a spot:



1. To specify S/MIME Baseline Requirements, Extended Validation Guidelines,
Network and Certificate System Security Requirements, and other acceptable
practices for the issuance and management of S/MIME certificates used to
sign and encrypt emails.



