[Smcwg-public] Updates to 3.2.4.1/4 relying on signature for personal vetting

Clint Wilson clintw at apple.com
Fri Aug 5 20:24:51 UTC 2022


Hi Stephen,

I think this is definitely moving in a better direction, but it seems like we should be processing all frameworks prior to inclusion in the SBRs. Or have the Approved frameworks already gone through a CA/BF review that would be applicable to this usage of them? If so, can you help me find that as I’ve so far failed to do so?

I retain reservations about 3.2.4.1.(4) in general. It seems analogous, though not identical, to previous “any other method” processes and fundamentally shifts the responsibility of data verification away from the CA issuing the certificate in question, which inherently introduces some risk which remains unaddressed AFAICT. Perhaps it can be made to work, but the more I look at this section, the more I think this belongs in a future ballot where sufficient attention can be given to the expansion of scope it brings into the SBRs.

Cheers,
-Clint

> On Aug 4, 2022, at 3:06 PM, Stephen Davidson via Smcwg-public <smcwg-public at cabforum.org> wrote:
> 
> Hello:
>  
> Certificate Issuer members of the SMCWG had noted a desire to expand the list of regimes of digital certificates that may be relied upon in personal validation.  It was also suggested by a Certificate Consumer that criteria for evaluating these regimes be described.
>  
> Based on our discussions, I have proposed some text in the draft as follows:
>  
> https://github.com/cabforum/smime/commit/33ce560204eaed4162cb70c919bf9f86ffac90cc <https://github.com/cabforum/smime/commit/33ce560204eaed4162cb70c919bf9f86ffac90cc>
>  
> Thanks to Ashish Dhiman and to Eva Van Steenberge for the help!
>  
> Regards, Stephen
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org <mailto:Smcwg-public at cabforum.org>
> https://lists.cabforum.org/mailman/listinfo/smcwg-public <https://lists.cabforum.org/mailman/listinfo/smcwg-public>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220805/27879b0d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3621 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220805/27879b0d/attachment.p7s>


More information about the Smcwg-public mailing list