[Smcwg-public] Relevant S/MIME standards
Wiedenhorst, Matthias
M.Wiedenhorst at tuvit.de
Tue Aug 4 23:50:10 MST 2020
Hello,
the requirements mentioned by Adriano are derived from the technical specification BSI-TR-03116-4 of the German BSI (Federal Office for Information Security).
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR03116/BSI-TR-03116-4.html
In section 3 of that document, cryptographic requirements are specified for S/MIME that should be considered.
Unfortunately there seems to be no English translation available. The title translates to “Cryptographic requirements for projects of the federal government”. However, usage of the document is not strictly limited to the federal government but is also applied to various non-governmental (or at least not directly governmental :)) projects like the energy sector mentioned by Adriano.
Best regards
Matthias
Von: Smcwg-public <smcwg-public-bounces at cabforum.org> Im Auftrag von Adriano Santoni via Smcwg-public
Gesendet: Dienstag, 4. August 2020 08:00
An: smcwg-public at cabforum.org
Betreff: Re: [Smcwg-public] Relevant S/MIME standards
Hello,
there is a German standard that I think we should consider.
As of January 1, 2019, all operators in the German energy sector (the energy and water industry market) are required to use the RSASSA-PSS algorithm for signing S/MIME-based communications with market participants, and the S/MIME certificates themselves must be signed with RSASSA-PSS.
The relevant regulation can be found here, although in German only (I could not find an English translation):
https://www.edi-energy.de/index.php?id=38&tx_bdew_bdew%5Buid%5D=70&tx_bdew_bdew%5Baction%5D=download&tx_bdew_bdew%5Bcontroller%5D=Dokument&cHash=e0c45c5f51c7224743339c116feef613
Regards
Adriano
Il 03/08/2020 18:44, Stephen Davidson via Smcwg-public ha scritto:
Hello all:
SMCWG members are encouraged to submit relevant standards for S/MIME certificates for the group’s consideration via the public listserv. Here are two important ones:
1. Mozilla Root Store Policy. Particularly Section 2.2 (2) for validation of email control and Section 6.2 for S/MIME revocation events. https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
2. Gmail’s acceptable S/MIME certificate profiles for end entity certs, intermediate CAs, and root CAs: https://support.google.com/a/answer/7300887?hl=en&ref_topic=9061730
We are interested to know if similar S/MIME certificate profiles exist in government or industry standards.
Regards, Stephen
_______________________________________________
Smcwg-public mailing list
Smcwg-public at cabforum.org<mailto:Smcwg-public at cabforum.org>
https://lists.cabforum.org/mailman/listinfo/smcwg-public
______________________________________________________________________________________________________________________
Sitz der Gesellschaft/Headquarter: TÜV Informationstechnik GmbH * Langemarckstr. 20 * 45141 Essen, Germany
Registergericht/Register Court: Amtsgericht/Local Court Essen * HRB 11687 * USt.-IdNr./VAT No.: DE 176132277 * Steuer-Nr./Tax No.: 111/57062251
Geschäftsführung/Management Board: Dirk Kretzschmar
TÜV NORD GROUP
Expertise for your Success
Please visit our website: www.tuv-nord.com<http://www.tuv-nord.com>
Besuchen Sie unseren Internetauftritt: www.tuev-nord.de<http://www.tuev-nord.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20200805/88566422/attachment.html>
More information about the Smcwg-public
mailing list