[Smcwg-public] Proposed method for "validating applicant as operator of associated mail servers"

Stephen Davidson Stephen.Davidson at digicert.com
Wed Jan 19 17:17:10 UTC 2022


Hello all:



Per our discussion today of the draft text of section 3.2.2 "Validation of mailbox authorization or control<https://github.com/cabforum/smime/blob/preSBR/SBR.md#322-validation-of-mailbox-authorization-or-control>" Fotis Loukos has proposed a new method for "validating applicant as operator of associated mail servers."  This would apply in cases where I have my own domain but redirect/outsource the operation of my entire email domain to a service.



I believe that we should accommodate this common use case in the S/MIME BR, but know that it's different from our previous discussions on mailbox verification which centered mainly on familiar methods from the TLS BR.  As such, I attach the proposed text below and hope that WG members can review the associated RFC 5321 Section 5.1 and provide feedback on list.  For example, this may tie in with another agenda item on the reuse periods for different types of verification. If needed we can schedule specific time (perhaps at the F2F) to work on this as well.



It was a useful call today; thank you.

Regards, Stephen







#### 3.2.2.3 Validating applicant as operator of associated mail server(s)



Confirming the Applicant's control over the rfc822Name email address by confirming control of the SMTP FQDN to which a message delivered to the email address should be directed. The SMTP FQDN MUST be identified using the address resolution algorithm defined in RFC 5321 Section 5.1 which determines which SMTP FQDNs are authoritative for a given email address. If more than one SMTP FQDNs have been discovered, the CA MUST verify control of an SMTP FQDN following the selection process at RFC 5321 Section 5.1.



When confirming the Applicant's control of the SMTP FQDN, the CA MUST use the methods described in Section 3.2.2.4 of the TLS Baseline Requirements.



This method is suitable for validating control of all email addresses under a single domain.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220119/9a7e776d/attachment.html>


More information about the Smcwg-public mailing list