[cabfpub] Draft SMIME Working Group Charter

Ryan Sleevi sleevi at google.com
Mon Jan 28 19:21:53 UTC 2019


On Mon, Jan 28, 2019 at 2:17 PM Tim Hollebeek <tim.hollebeek at digicert.com>
wrote:

> The intent was that Forum level membership was the union of all CWG
> membership criteria.  If you’re able to join a CWG, you’re a Forum member.
>
>
>
> I think allowing in unaudited Certificate Issuers would be a huge step
> backwards.
>

Note that the proposal was not "unaudited" - merely, that the definition of
audit be left to "Certificate Consumer", which participation with is
already a required property.

For example, some Consumers allow audits by government entities, but then
constrain issuance using application-specific means (since, after all, this
is a trust anchor). Others allow for equivalent audit schemes at their
discretion.

Thus, it also runs the risk of being a "step backward" to have members who
are bound by various rules (such as an S/MIME Guideline) but that are
prevented by the Forum from joining unless they change their business,
governance, or auditability model. An example of this concretely is the
Federal PKI operated in the US.

While for SSL/TLS cases, I may be more inclined to agree, S/MIME represents
a particular area where given the nature of the 'localpart' of email
addresses (fully in control of the organization), delegated CAs and trust
relationships are far more common. For example, I don't have strong
opinions on how "*.gov" should be managed, with respect to S/MIME, provided
that the domain portion of the email is consistently validated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20190128/688d9754/attachment-0003.html>


More information about the Public mailing list