[Smcwg-public] Require proof-of-possession for SMIME certificate issuance

Ben Wilson bwilson at mozilla.com
Tue Dec 29 16:04:22 UTC 2020


The SMIME requirements document, which this WG is developing, should
address the degree of verification needed to bind the email address to the
key pair. The applicant and the CA should be required to use a secure
process to establish that the entity controlling the email address also
controls the public-private key pair. This is mentioned on the Mozilla
GitHub policy issues board - https://github.com/mozilla/pkipolicy/issues/215
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201229/fa3a0364/attachment.html>


More information about the Smcwg-public mailing list