[Smcwg-public] Draft SMCWG agenda - Wednesday, April 27, 2022

Doug Beattie doug.beattie at globalsign.com
Wed Apr 27 13:04:12 UTC 2022

Hi Stephen,


Regarding the vetting process, I'd like to add one more to your list for
consideration and that's to use the standard TLS OV vetting model from the
BRs, section 3.2 vs OV+ as shown below.  Code Signing uses that same section
as is, so for me, it would make sense to also have a flavor of S/MIME that
uses that section without modification.  Can we add a 4th bullet to your
agenda for that option to be considered?


I also think there is a discussion to be had on audit requirements for
Enterprise RA when adding a user's name into the S/MIME certificates, maybe
for a future meeting.




From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Stephen
Davidson via Smcwg-public
Sent: Tuesday, April 26, 2022 6:09 PM
To: SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: [Smcwg-public] Draft SMCWG agenda - Wednesday, April 27, 2022


SMCWG Agenda

Draft SMCWG agenda - Wednesday, April 27, 2022 at 11:00 am Eastern Time

Here is a draft agenda for the teleconference described in the subject of
this message. Please review and propose changes if necessary.

1.            Roll Call 

2.            Read Antitrust / Compliance Statement

3.            Review Agenda

4.            Approval of minutes from teleconference of April 13, 2022

5.            Discussion 

Previous WG discussions in 2021 focused upon whether the S/MIME BR needed to
establish the O is ANY company called ExampleCo or that it's THAT PARTICULAR
company called ExampleCo registered in New York. Based on feedback from Cert
Consumers, WG discussion gravitated towards EV-like vetting and the
inclusion of a unique identifier in the certificates (using the
subject:organizationalIdentifer from ETSI and the EVG rather than the
layered EV JOI attributes).

Some CA concern has now been raised regarding EV as the choice for O
vetting.  Options to be discussed:

.     Go full EV (as currently proposed in Section 3.2.3 [org vetting], 3.26
[validation of authority], and 3.2.8 [reliability of sources] of the draft
S/MIME BR, on basis has existing CABF approval/audit criteria)

.     Use modernized EV (what parts are best suited for the S/MIME use case?
Have heard proposals to remove physical and operational presence, review
roles, simplify the text)

.     Adopt OV+ (restrict to Gov data sources or active/corroborated LEI;
provide more detail on attestations, roles)

The goal is to resolve this remaining issue so we can move to Pre-Ballot

6.            Any other business 

7.            Next call:  Wednesday, May 11, 2022 at 11:00 am Eastern Time




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220427/36addc5a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8404 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220427/36addc5a/attachment-0001.p7s>

More information about the Smcwg-public mailing list