[Smcwg-public] CAA and S/MIME
Henschel, Andreas
a.henschel at d-trust.net
Mon Oct 26 01:49:00 MST 2020
Hey Stephen,
CAA checking does only make any sense in the context of issuing s/mime
certificates, if a CA issues s/mime certificates for the entire domain (e.g.
a large company) without checking the ownership of every single email
address.
In my opinion it is not the descision of the mail provider from which CA the
owner of a mail address wants to obtain s/mime certificates.
Kind regards.
Andreas
Von: Smcwg-public <smcwg-public-bounces at cabforum.org> Im Auftrag von Stephen
Davidson via Smcwg-public
Gesendet: Samstag, 24. Oktober 2020 17:22
An: smcwg-public at cabforum.org
Betreff: [Smcwg-public] CAA and S/MIME
Hello:
The topic of Certification Authority Authorisation (CAA) has arisen a number
of times in relation to the evolving S/MIME Baseline.
I highlight a discussion on that subject related to the Mozilla policy:
https://github.com/mozilla/pkipolicy/issues/135
A significant number of email providers - such as gmail.com, outlook.com,
protonmail.com, and others - have CAA records.
Questions for us to address later in our discussions:
- Is CAA a desired requirement of the S/MIME Baseline?
- Should the S/MIME Baseline rely upon the existing requirements
stated in the TLS BR, or is the S/MIME use case sufficiently different to
merit a separate CAA tag?
Regards, Stephen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201026/ed7b598d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5085 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201026/ed7b598d/attachment.p7s>
More information about the Smcwg-public
mailing list