[Smcwg-public] Draft SMCWG agenda - Wednesday, April 27, 2022
Adriano Santoni
adriano.santoni at staff.aruba.it
Thu Apr 28 13:22:18 UTC 2022
+1
We would also strongly prefer that a standard TLS OV vetting model be
adopted, but preserving the inclusion of the subject:
organizationIdentifier attribute (in OV and SV certificates) which seems
to us an excellent idea to distinguish "ANY company called ExampleCo or
that it's THAT PARTICULAR company called ExampleCo registered in New
York ", a distinction that I believe ought always be possible before
relying on a" trusted "certificate.
Adriano
Il 27/04/2022 15:04, Doug Beattie via Smcwg-public ha scritto:
>
> Hi Stephen,
>
> Regarding the vetting process, I’d like to add one more to your list
> for consideration and that’s to use the standard TLS OV vetting model
> from the BRs, section 3.2 vs OV+ as shown below. Code Signing uses
> that same section as is, so for me, it would make sense to also have a
> flavor of S/MIME that uses that section without modification. Can we
> add a 4^th bullet to your agenda for that option to be considered?
>
> I also think there is a discussion to be had on audit requirements for
> Enterprise RA when adding a user’s name into the S/MIME certificates,
> maybe for a future meeting.
>
> Doug
>
> *From:*Smcwg-public <smcwg-public-bounces at cabforum.org> *On Behalf Of
> *Stephen Davidson via Smcwg-public
> *Sent:* Tuesday, April 26, 2022 6:09 PM
> *To:* SMIME Certificate Working Group <smcwg-public at cabforum.org>
> *Subject:* [Smcwg-public] Draft SMCWG agenda - Wednesday, April 27, 2022
>
>
> SMCWG Agenda
>
>
> Draft SMCWG agenda - Wednesday, April 27, 2022 at 11:00 am Eastern
> Time
>
>
> Here is a draft agenda for the teleconference described in the
> subject of this message. Please review and propose changes if
> necessary.
>
>
> 1. Roll Call
>
>
> 2. Read Antitrust / Compliance Statement
>
>
> 3. Review Agenda
>
>
> 4. Approval of minutes from teleconference of April 13, 2022
>
>
> 5. Discussion
>
>
> Previous WG discussions in 2021 focused upon whether the S/MIME BR
> needed to establish the O is ANY company called ExampleCo or that
> it's THAT PARTICULAR company called ExampleCo registered in New
> York. Based on feedback from Cert Consumers, WG discussion
> gravitated towards EV-like vetting and the inclusion of a unique
> identifier in the certificates (using the
> subject:organizationalIdentifer from ETSI and the EVG rather than
> the layered EV JOI attributes).
>
>
> Some CA concern has now been raised regarding EV as the choice for
> O vetting. Options to be discussed:
>
>
> • Go full EV (as currently proposed in Section 3.2.3 [org
> vetting], 3.26 [validation of authority], and 3.2.8 [reliability
> of sources] of the draft S/MIME BR, on basis has existing CABF
> approval/audit criteria)
>
>
> • Use modernized EV (what parts are best suited for the S/MIME
> use case? Have heard proposals to remove physical and operational
> presence, review roles, simplify the text)
>
>
> • Adopt OV+ (restrict to Gov data sources or
> active/corroborated LEI; provide more detail on attestations, roles)
>
>
> The goal is to resolve this remaining issue so we can move to
> Pre-Ballot discussion.
>
>
> 6. Any other business
>
>
> 7. Next call: Wednesday, May 11, 2022 at 11:00 am Eastern Time
>
>
> Adjourn
>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220428/63877438/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4557 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220428/63877438/attachment.p7s>
More information about the Smcwg-public
mailing list