[Smcwg-public] Relevant S/MIME standards

Wiedenhorst, Matthias M.Wiedenhorst at tuvit.de
Tue Aug 4 23:50:10 MST 2020


Hello,

the requirements mentioned by Adriano are derived from the technical specification BSI-TR-03116-4 of the German BSI (Federal Office for Information Security).
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.html

In section 3 of that document, cryptographic requirements are specified for S/MIME that should be considered.

Unfortunately there seems to be no English translation available. The title translates to “Cryptographic requirements for projects of the federal government”. However, usage of the document is not strictly limited to the federal government but is also applied to various non-governmental (or at least not directly governmental :)) projects like the energy sector mentioned by Adriano.

Best regards
Matthias

Von: Smcwg-public <smcwg-public-bounces at cabforum.org> Im Auftrag von Adriano Santoni via Smcwg-public
Gesendet: Dienstag, 4. August 2020 08:00
An: smcwg-public at cabforum.org
Betreff: Re: [Smcwg-public] Relevant S/MIME standards


Hello,

there is a German standard that I think we should consider.

As of January 1, 2019, all operators in the German energy sector (the energy and water industry market) are required to use the RSASSA-PSS algorithm for signing S/MIME-based communications with market participants, and the S/MIME certificates themselves must be signed with RSASSA-PSS.

The relevant regulation can be found here, although in German only (I could not find an English translation):

https://www.edi-energy.de/index.php?id=38&tx_bdew_bdew%5Buid%5D=70&tx_bdew_bdew%5Baction%5D=download&tx_bdew_bdew%5Bcontroller%5D=Dokument&cHash=e0c45c5f51c7224743339c116feef613

Regards

Adriano


Il 03/08/2020 18:44, Stephen Davidson via Smcwg-public ha scritto:
Hello all:

SMCWG members are encouraged to submit relevant standards for S/MIME certificates for the group’s consideration via the public listserv.  Here are two important ones:


  1.  Mozilla Root Store Policy.  Particularly Section 2.2 (2) for validation of email control and Section 6.2 for S/MIME revocation events.   https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
  2.  Gmail’s acceptable S/MIME certificate profiles for end entity certs, intermediate CAs, and root CAs: https://support.google.com/a/answer/7300887?hl=en&ref_topic=9061730

We are interested to know if similar S/MIME certificate profiles exist in government or industry standards.

Regards, Stephen



_______________________________________________

Smcwg-public mailing list

Smcwg-public at cabforum.org<mailto:Smcwg-public at cabforum.org>

https://lists.cabforum.org/mailman/listinfo/smcwg-public


______________________________________________________________________________________________________________________
Sitz der Gesellschaft/Headquarter: TÜV Informationstechnik GmbH * Langemarckstr. 20 * 45141 Essen, Germany
Registergericht/Register Court: Amtsgericht/Local Court Essen * HRB 11687 * USt.-IdNr./VAT No.: DE 176132277 * Steuer-Nr./Tax No.: 111/57062251
Geschäftsführung/Management Board: Dirk Kretzschmar



TÜV NORD GROUP
Expertise for your Success


Please visit our website: www.tuv-nord.com<http://www.tuv-nord.com>
Besuchen Sie unseren Internetauftritt: www.tuev-nord.de<http://www.tuev-nord.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20200805/88566422/attachment.html>


More information about the Smcwg-public mailing list