[Smcwg-public] 30-day Pre-Ballot Discussion Period of S/MIME BR

Bruce Morton Bruce.Morton at entrust.com
Fri May 6 18:22:48 UTC 2022


Hi Stephen,
Could we also have a Word version to review? I think this would be easier to share at work and capture suggested edits and comments, rather than sending a PDF.

Thanks, Bruce.
From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Stephen Davidson via Smcwg-public
Sent: Thursday, May 5, 2022 10:57 AM
To: SMIME Certificate Working Group <smcwg-public at cabforum.org>
Subject: [EXTERNAL] [Smcwg-public] 30-day Pre-Ballot Discussion Period of S/MIME BR

WARNING: This email originated outside of Entrust.
DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
________________________________
May 5, 2022
The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum commences a 30-day pre-ballot discussion of the draft text of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates" (S/MIME BR).
The S/MIME BR describes an integrated set of technologies, protocols, identity-proofing, lifecycle management, and auditing requirements for certificate Issuers.  The draft is the culmination of work started in 2020 by a group of Certificate Issuers, Certificate Consumers (including both email user agents and email service providers), as well as other interested parties such as audit schemes and industry groups.
As agreed by the SMCWG, recognizing that the S/MIME BR will be a new standard, the pre-ballot discussion period allows organizations to complete their internal reviews of the draft before the final ballot is assembled.
Comments may be submitted by SMCWG members to the SMCWG public listserv (https://lists.cabforum.org/mailman/listinfo/smcwg-public<https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/smcwg-public__;!!FJ-Y8qCqXTj2!bxk09E_Wwhz6nvOr8dRwjL3lf1CXOQZR-oM4PA6Oflh1TPbrvLlSJbDPqQ-we9Gs1VGEhjFaz3oT4zToOGlKfpGVvq7H$>) or using the Issues functionality on GitHub (https://github.com/cabforum/smime/issues<https://urldefense.com/v3/__https:/github.com/cabforum/smime/issues__;!!FJ-Y8qCqXTj2!bxk09E_Wwhz6nvOr8dRwjL3lf1CXOQZR-oM4PA6Oflh1TPbrvLlSJbDPqQ-we9Gs1VGEhjFaz3oT4zToOGlKfr25MoAP$>).
The SMCWG will take advantage of the summer face-to-face meeting of the CABF to discuss and categorize any remaining issues that arise for resolution in this draft or a future version of the standard.
At that time, a roadmap will be set to solicit endorsers and to conduct an adoption ballot for version 1 of the S/MIME BR later in the summer, subject to the voting rules of the SMCWG charter and the CABF bylaws which call for a 7-day review and a 7-day ballot period.  A successful ballot will lead to a 60-day IPR review.
The draft of the S/MIME BR may be found at https://github.com/cabforum/smime/blob/preSBR/SBR.md<https://urldefense.com/v3/__https:/github.com/cabforum/smime/blob/preSBR/SBR.md__;!!FJ-Y8qCqXTj2!bxk09E_Wwhz6nvOr8dRwjL3lf1CXOQZR-oM4PA6Oflh1TPbrvLlSJbDPqQ-we9Gs1VGEhjFaz3oT4zToOGlKfiJsVS-C$> and as a PDF, attached.
Summary
The S/MIME BR describe four profiles for S/MIME certificates including:

  *   Mailbox-validated (include only an email address);
  *   Organization-validated (where the Subject is a Legal Entity);
  *   Sponsor-validated (where the Subject is a Natural Person associated with a Legal Entity, and recognizing the common use of Enterprise-specific registration authorities for this type of certificate); and
  *   Individual-validated (where the Subject is a Natural Person).
Each profile has Legacy, Multipurpose, and Strict generations with varying technical specifications for certificate content including Subject DN fields, extended key usages, and extensions.
Acknowledging that few standards exist today for the issuance of S/MIME certificates, and therefore there is great variety in existing practice, the draft standard has been designed to provide flexibility for CAs in bringing Publicly-Trusted S/MIME under a consistent regime, while moving to more defined standards over time.
In line with the SMCWG Charter, the S/MIME BR draft has maintained consistency where relevant with other CABF standards.
Given the greater handling of personal information for S/MIME certificates, the S/MIME BR includes requirements for data protection.
The SMCWG intends to move forward with additional standards work in future versions of the S/MIME BR, for example defining additional methods for verifying email control, the use of Certificate Authority Authorization (CAA), and addressing topics such as key generation and recovery in greater detail.
With kind regards,
Stephen Davidson
Chair, S/MIME Certificate Working Group

Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220506/21402a07/attachment.html>


More information about the Smcwg-public mailing list