[Smcwg-public] Relevant S/MIME standards
Wendy Brown - QT3LB-C
wendy.brown at gsa.gov
Tue Aug 4 13:14:35 MST 2020
Attached is a word version that contains relevant cert profiles from the US
Federal PKI.
This is a newer format for our profiles which I think is more readable than
what is currently published. This document should be publicly available in
a few weeks, it is currently going through a final approval process.
I have removed cert profiles that are not directly relevant from this
document, however I left in one for user authentication. I'd just like to
note that in the US federal government we currently use a 3 cert model for
people certificates - separate certs for client authentication such as
smart card logon, digital signature, and key management, in most cases all
3 certificates are issued from the same issuing CA for a given user. Both
the digital signature and key management cert profiles would be used for
email protection - one for digitally signing and the other for encryption
of emails.
I also started adding in some comments on some cert extensions that the WG
may not want to require for everyone, but we would like to see allowed.
thanks,
Wendy
Wendy Brown
Supporting GSA FPKI
Protiviti Government Services
703-965-2990 (cell)
wendy.brown at gsa.gov
wendy.brown at protiviti.com
On Mon, Aug 3, 2020 at 12:45 PM Stephen Davidson via Smcwg-public <
smcwg-public at cabforum.org> wrote:
> Hello all:
>
>
>
> SMCWG members are encouraged to submit relevant standards for S/MIME
> certificates for the group’s consideration via the public listserv. Here
> are two important ones:
>
>
>
> - Mozilla Root Store Policy. Particularly Section 2.2 (2) for
> validation of email control and Section 6.2 for S/MIME revocation events.
> https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
> - Gmail’s acceptable S/MIME certificate profiles for end entity certs,
> intermediate CAs, and root CAs:
> https://support.google.com/a/answer/7300887?hl=en&ref_topic=9061730
>
>
>
> We are interested to know if similar S/MIME certificate profiles exist in
> government or industry standards.
>
>
>
> Regards, Stephen
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20200804/54b06c5b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Common Policy Certificate and CRL Profile v 2 0 (7132020) - for SMIME suggestion.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 124871 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20200804/54b06c5b/attachment-0001.docx>
More information about the Smcwg-public
mailing list