[Smcwg-public] S/MIME changes in Apple Root Certificate Program

Stephen Davidson Stephen.Davidson at digicert.com
Mon Jan 31 18:56:50 UTC 2022


Relevant to the work of the SMCWG, Apple has made updates to its Certificate Program requirements, some of which impact S/MIME Certificates:



Effective April 1, 2022, S/MIME certificates must:

* include the emailProtection EKU

* include at least one subjectAlternativeName rFC822Name value containing an email address

* not have a validity period greater than 1185 days

* use a signature hash algorithm of greater than or equal strength to SHA-256 (see section 7.1.3.1 and 7.1.3.2 of the CA/B Forum’s Baseline Requirements).

* meet the following key size requirements:

    o   For RSA key pairs, the modulus size must be at least 2048 bits when encoded and its size in bits must be evenly divisible by 8.

    o   For ECDSA key pairs, the key must represent a valid point on the NIST P-256, NIST P-384 or NIST P-521 named elliptic curve.



The full detail is at https://www.apple.com/certificateauthority/ca_program.html



Regards, Stephen
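
The requirements listed in the message above, written as a check over Go's crypto/x509 types. This is an added example, not part of the original post or of Apple's program text; `Check`, `sample`, the rule labels and the test certificate are constructed for illustration, and validity is assumed to be measured as notAfter minus notBefore.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Check reports, for each rule quoted in the message above, whether c passes it.
func Check(c *x509.Certificate) map[string]bool {
	eku, sig, key := false, false, false
	for _, u := range c.ExtKeyUsage {
		eku = eku || u == x509.ExtKeyUsageEmailProtection
	}
	switch c.SignatureAlgorithm { // allowlist of SHA-256-or-stronger signatures
	case x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA, x509.SHA256WithRSAPSS, x509.SHA384WithRSAPSS,
		x509.SHA512WithRSAPSS, x509.ECDSAWithSHA256, x509.ECDSAWithSHA384, x509.ECDSAWithSHA512:
		sig = true
	}
	switch k := c.PublicKey.(type) {
	case *rsa.PublicKey:
		key = k.N.BitLen() >= 2048 && k.N.BitLen()%8 == 0
	case *ecdsa.PublicKey: // x509.ParseCertificate has already rejected off-curve points
		key = k.Curve == elliptic.P256() || k.Curve == elliptic.P384() || k.Curve == elliptic.P521()
	}
	return map[string]bool{
		"emailProtection EKU": eku,
		"rfc822Name SAN":      len(c.EmailAddresses) > 0, // Go exposes rfc822Name SANs here
		"validity <= 1185d":   c.NotAfter.Sub(c.NotBefore) <= 1185*24*time.Hour, // assumed: notAfter - notBefore
		"hash >= SHA-256":     sig,
		"key size / curve":    key,
	}
}

// sample builds a constructed, self-signed P-256 certificate valid for `days` days from 2022-04-01 UTC.
func sample(days int64, emails ...string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), EmailAddresses: emails, NotBefore: time.Unix(1648771200, 0),
		NotAfter: time.Unix(1648771200+days*86400, 0), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	c, _ := x509.ParseCertificate(der)
	return c
}

func main() { fmt.Println(Check(sample(1200))) } // constructed cert: 1200 days, no SAN email
```

A key type or signature algorithm outside the RSA and ECDSA cases listed in the message is reported as failing, since the quoted rules do not cover it.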
