[Smcwg-public] CAA and S/MIME
Pedro FUENTES
pfuentes at WISEKEY.COM
Mon Oct 26 01:58:17 MST 2020
Hello,
I’d be totally aligned with this position… Generally speaking there are two fundamental differences between SSL and S/MIME:
- In SSL the certificate subscriber is typically the entity that is owner of the domain
- In S/MIME the certificate subscriber is a person that uses a particular email address
Given this consideration, I don’t see the convenience on adding a CAA requirement.
Best,
Pedro
> On 26 Oct 2020, at 09:49, Henschel, Andreas via Smcwg-public <smcwg-public at cabforum.org> wrote:
>
> Hey Stephen,
>
> CAA checking does only make any sense in the context of issuing s/mime certificates, if a CA issues s/mime certificates for the entire domain (e.g. a large company) without checking the ownership of every single email address.
> In my opinion it is not the descision of the mail provider from which CA the owner of a mail address wants to obtain s/mime certificates.
>
> Kind regards.
> Andreas
>
> Von: Smcwg-public <smcwg-public-bounces at cabforum.org> Im Auftrag von Stephen Davidson via Smcwg-public
> Gesendet: Samstag, 24. Oktober 2020 17:22
> An: smcwg-public at cabforum.org
> Betreff: [Smcwg-public] CAA and S/MIME
>
> Hello:
>
> The topic of Certification Authority Authorisation (CAA) has arisen a number of times in relation to the evolving S/MIME Baseline.
> I highlight a discussion on that subject related to the Mozilla policy: https://github.com/mozilla/pkipolicy/issues/135 <https://github.com/mozilla/pkipolicy/issues/135>
> A significant number of email providers – such as gmail.com, outlook.com, protonmail.com, and others – have CAA records.
>
> Questions for us to address later in our discussions:
>
> - Is CAA a desired requirement of the S/MIME Baseline?
> - Should the S/MIME Baseline rely upon the existing requirements stated in the TLS BR, or is the S/MIME use case sufficiently different to merit a separate CAA tag?
>
> Regards, Stephen
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
WISeKey SA
Pedro Fuentes
CSO - Trust Services Manager
Office: + 41 (0) 22 594 30 00
Mobile: + 41 (0) 791 274 790
Address: 29, Rte de Pré-Bois - CP 853 | Geneva 1215 CH - Switzerland
Stay connected with WISeKey <http://www.wisekey.com/>
THIS IS A TRUSTED MAIL: This message is digitally signed with a WISeKey identity. If you get a mail from WISeKey please check the signature to avoid security risks
CONFIDENTIALITY: This email and any files transmitted with it can be confidential and it’s intended solely for the use of the individual or entity to which they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. If you have received this email in error please notify the sender
DISCLAIMER: WISeKey does not warrant the accuracy or completeness of this message and does not accept any liability for any errors or omissions herein as this message has been transmitted over a public network. Internet communications cannot be guaranteed to be secure or error-free as information may be intercepted, corrupted, or contain viruses. Attachments to this e-mail are checked for viruses; however, we do not accept any liability for any damage sustained by viruses and therefore you are kindly requested to check for viruses upon receipt.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201026/2f6cfb40/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3398 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20201026/2f6cfb40/attachment-0001.p7s>
More information about the Smcwg-public
mailing list