[Smcwg-public] some thoughts on s/mime requirement sets
Russ Housley
housley at vigilsec.com
Thu Aug 20 11:21:03 MST 2020
Andreas:
And there are also certificates associated with private keys that are held in cloud-based user agents. These are similar to the ones in (c), but they have a different risk profile.
Russ
> On Aug 20, 2020, at 8:20 AM, Henschel, Andreas via Smcwg-public <smcwg-public at cabforum.org> wrote:
>
> Dear smcwg members,
>
> please let me share some thoughts on our yesterday's call of the smcwg.
>
> S/mime certificates are kind of different to all other certificates handled
> by cabforum so far, because of the very different use cases and user
> environments.
>
> Just to bring some cases and related topics up:
>
> a. certificates on (highly) secure token
> -> it is not a good idea to encrypt anything with keys, which could
> not have any backups, but encryption is one of the key features of s/mime
> certificates
>
> b. group or domain certificates
> -> key management done by an email gateway
> -> just copy and distribute the encrypted key to any user of the
> group address
>
> c. certificates on mobile devices
> -> nearly no key management possible done by the user
> -> quite impossible to use hardware token on mobiles
>
> d. certificates stored in an OS keystore
>
> e. different purposes or different combinations of purposes
> -> signing mails to guarantee integrity
> -> signing mails to claim authenticity
> -> encrypting mails to guarantee confidentiality
> -> signing mails for content commitment or wilful acts
>
>
> I think, we could find a lot more use cases and user environments of s/mime
> certificates easily.
> But from my point of view, it could be quite impossible to find all
> use cases, where those certificates are already used.
>
> So it could be more helpful for the first step of collecting the
> requirements, to start with the absolute minimum level, such for example to
> set the maximum validity period in general to 39 months or even a bit
> longer. As far as I know, many CAs offer certificates with a validity period
> of three years, but I've seen even five years.
> For example, if we start just with the purpose of "signing mails to
> guarantee integrity" the validity period of the certificate does not even
> really matter.
>
> With this mindset, we should step through all points of applicable
> requirements for the first draft.
>
> After having a basic and accepted (and usable) minimum level, we can and
> should tighten security requirements where applicable.
>
>
> Kind regards,
> Andreas
>
>
>
> Andreas Henschel
>
> Principal product certification ETSI / eIDAS
> DTr PCS CM
> ------------------------------------------------------------------
> D-Trust GmbH | A Bundesdruckerei company
> Kommandantenstr. 15
> 10969 Berlin , Germany