[Smcwg-public] Require proof-of-possession for SMIME certificate issuance

Stephen Davidson Stephen.Davidson at digicert.com
Tue Dec 29 16:36:51 UTC 2020


Thank you Ben.  Noted for further SMCWG discussion:

- check proof of possession of private key

- CAA checking

Happy new year and best regards, Stephen



From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Ben Wilson via Smcwg-public
Sent: Tuesday, December 29, 2020 12:05 PM
To: SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: [Smcwg-public] Require proof-of-possession for SMIME certificate issuance



The SMIME requirements document, which this WG is developing, should address the degree of verification needed to bind the email address to the key pair. The applicant and the CA should be required to use a secure process to establish that the entity controlling the email address also controls the public-private key pair. This is mentioned on the Mozilla GitHub policy issues board - https://github.com/mozilla/pkipolicy/issues/215

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201229/5be4c784/attachment.html>


More information about the Smcwg-public mailing list