[Smcwg-public] 30-day Pre-Ballot Discussion Period of S/MIME BR

Wendy Brown - QT3LB-C wendy.brown at gsa.gov
Mon May 9 16:40:23 UTC 2022


Thanks Stephen
I appreciate  the willingness to support all requested formats 🙂

Wendy

Wendy Brown
Supporting GSA FPKI
Protiviti Government Services

 703-965-2990 (cell)

wendy.brown at gsa.gov
wendy.brown at protiviti.com


On Mon, May 9, 2022 at 12:14 PM Stephen Davidson via Smcwg-public <
smcwg-public at cabforum.org> wrote:

> Hello all:
>
> Attached is the draft in various formats.
>
> Best regards, Stephen
>
>
>
> *From:* Bruce Morton <Bruce.Morton at entrust.com>
> *Sent:* Friday, May 6, 2022 3:23 PM
> *To:* Stephen Davidson <Stephen.Davidson at digicert.com>; SMIME Certificate
> Working Group <smcwg-public at cabforum.org>
> *Subject:* RE: 30-day Pre-Ballot Discussion Period of S/MIME BR
>
>
>
> Hi Stephen,
>
> Could we also have a Word version to review? I think this would be easier
> to share at work and capture suggested edits and comments, rather than
> sending a PDF.
>
>
>
> Thanks, Bruce.
>
> *From:* Smcwg-public <smcwg-public-bounces at cabforum.org> *On Behalf Of *Stephen
> Davidson via Smcwg-public
> *Sent:* Thursday, May 5, 2022 10:57 AM
> *To:* SMIME Certificate Working Group <smcwg-public at cabforum.org>
> *Subject:* [EXTERNAL] [Smcwg-public] 30-day Pre-Ballot Discussion Period
> of S/MIME BR
>
>
>
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know the
> content is safe.
> ------------------------------
>
> May 5, 2022
>
> The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum
> commences a 30-day pre-ballot discussion of the draft text of the “Baseline
> Requirements for the Issuance and Management of Publicly-Trusted S/MIME
> Certificates” (S/MIME BR).
>
> The S/MIME BR describes an integrated set of technologies, protocols,
> identity-proofing, lifecycle management, and auditing requirements for
> certificate Issuers.  The draft is the culmination of work started in 2020
> by a group of Certificate Issuers, Certificate Consumers (including both
> email user agents and email service providers), as well as other interested
> parties such as audit schemes and industry groups.
>
> As agreed by the SMCWG, recognizing that the S/MIME BR will be a new
> standard, the pre-ballot discussion period allows organizations to complete
> their internal reviews of the draft before the final ballot is assembled.
>
> Comments may be submitted by SMCWG members to the SMCWG public listserv (
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
> <https://urldefense.com/v3/__https:/lists.cabforum.org/mailman/listinfo/smcwg-public__;!!FJ-Y8qCqXTj2!bxk09E_Wwhz6nvOr8dRwjL3lf1CXOQZR-oM4PA6Oflh1TPbrvLlSJbDPqQ-we9Gs1VGEhjFaz3oT4zToOGlKfpGVvq7H$>)
> or using the Issues functionality on GitHub (
> https://github.com/cabforum/smime/issues
> <https://urldefense.com/v3/__https:/github.com/cabforum/smime/issues__;!!FJ-Y8qCqXTj2!bxk09E_Wwhz6nvOr8dRwjL3lf1CXOQZR-oM4PA6Oflh1TPbrvLlSJbDPqQ-we9Gs1VGEhjFaz3oT4zToOGlKfr25MoAP$>).
>
>
> The SMCWG will take advantage of the summer face-to-face meeting of the
> CABF to discuss and categorize any remaining issues that arise for
> resolution in this draft or a future version of the standard.
>
> At that time, a roadmap will be set to solicit endorsers and to conduct an
> adoption ballot for version 1 of the S/MIME BR later in the summer, subject
> to the voting rules of the SMCWG charter and the CABF bylaws which call for
> a 7-day review and a 7-day ballot period.  A successful ballot will lead to
> a 60-day IPR review.
>
> The draft of the S/MIME BR may be found at
> https://github.com/cabforum/smime/blob/preSBR/SBR.md
> <https://urldefense.com/v3/__https:/github.com/cabforum/smime/blob/preSBR/SBR.md__;!!FJ-Y8qCqXTj2!bxk09E_Wwhz6nvOr8dRwjL3lf1CXOQZR-oM4PA6Oflh1TPbrvLlSJbDPqQ-we9Gs1VGEhjFaz3oT4zToOGlKfiJsVS-C$>
> and as a PDF, attached.
>
> *Summary*
>
> The S/MIME BR describe four profiles for S/MIME certificates including:
>
>    - Mailbox-validated (include only an email address);
>    - Organization-validated (where the Subject is a Legal Entity);
>    - Sponsor-validated (where the Subject is a Natural Person associated
>    with a Legal Entity, and recognizing the common use of Enterprise-specific
>    registration authorities for this type of certificate); and
>    - Individual-validated (where the Subject is a Natural Person).
>
> Each profile has Legacy, Multipurpose, and Strict generations with varying
> technical specifications for certificate content including Subject DN
> fields, extended key usages, and extensions.
>
> Acknowledging that few standards exist today for the issuance of S/MIME
> certificates, and therefore there is great variety in existing practice,
> the draft standard has been designed to provide flexibility for CAs in
> bringing Publicly-Trusted S/MIME under a consistent regime, while moving to
> more defined standards over time.
>
> In line with the SMCWG Charter, the S/MIME BR draft has maintained
> consistency where relevant with other CABF standards.
>
> Given the greater handling of personal information for S/MIME
> certificates, the S/MIME BR includes requirements for data protection.
>
> The SMCWG intends to move forward with additional standards work in future
> versions of the S/MIME BR, for example defining additional methods for
> verifying email control, the use of Certificate Authority Authorization
> (CAA), and addressing topics such as key generation and recovery in greater
> detail.
>
> With kind regards,
>
> Stephen Davidson
> Chair, S/MIME Certificate Working Group
>
>
>
> *Any email and files/attachments transmitted with it are confidential and
> are intended solely for the use of the individual or entity to whom they
> are addressed. If this message has been sent to you in error, you must not
> copy, distribute or disclose of the information it contains. Please notify
> Entrust immediately and delete the message from your system.*
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220509/c6a109f5/attachment-0001.html>


More information about the Smcwg-public mailing list