[Smcwg-public] Stable Draft of S/MIME Certificate Profiles
Stephen.Davidson at digicert.com
Thu Sep 30 20:55:32 UTC 2021
The S/MIME Certificate Working Group has now completed work on a stable draft of the certificate profiles that will be included in the future S/MIME Baseline Requirements.
The WG requests that members share this with their product and technical teams seeking feedback as the pace will pick up to turn these worksheets into a draft standard:
The S/MIME BR will apply to "trusted" leaf certs with emailProtection EKU and at least one email address in Subject / SAN.
By way of explanation of the worksheet:
* SMIME Types - explains the OID structure and cert profile types
* Leaf Profile - explains the certificate fields common to the various cert profile types
There are then 4 major cert profiles showing the major differences in Subject, eKU, keyUsage, and extensions:
* Mailbox - The simplest S/MIME, including only email address. The same email control verification methods apply across all S/MIME types.
* Organizational - Includes Organization details (legal entity). Example uses include invoice or statement mailers, etc.
* Sponsored Individual - Includes personal details (for natural person, which may be validated by Enterprise RA) in association with Organisation details (validated by the CA).
* Personal Individual - Includes personal details (for natural person).
Each of the cert profile types will have three available levels:
* Legacy - Allows all public S/MIME to an auditable framework but includes flexibility in allowed field usages and verification. The intent is that this profile will eventually be sunsetted.
* Multipurpose - Aligned with the Strict profile, but with more flexibility in the eKU (primarily to allow overlap with existing use cases such as document signing).
* Strict - The final goal profile. Strict definition and dedicated eKU.
Discussion is welcomed on list, but we will also dedicate time in our meeting on October 27 for feedback. Tentatively, we will also start considering CA profiles at that time.
With kind regards,
Chair, S/MIME Certificate Working Group
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Smcwg-public