[Smcwg-public] [External Sender] Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”
Adriano Santoni
adriano.santoni at staff.aruba.it
Mon Oct 24 15:33:27 UTC 2022
All,
I apologize for raising doubts at the very "last minute", but since the
SMC BR are about to be put to the vote, I wanted to give them a complete
re-reading and I noticed a passage that leaves me a little perplexed.
Maybe this aspect was discussed at length, but then I missed that
discussion - sorry about that (in case).
Under "3.2.4.2 Validation of individual identity" we have the following
sentence:
> The CA or RA MAY use manual (in person) or remote procedures. A remote
> process SHALL ensure that the Applicant has the document in hand and
> presents the document /in real‐time/ in front of a camera.
Where did we borrow "in real-time" from? Not from the TLS BR nor from
EVGL, it seems.
What's the rationale for that? It seems too demanding, to me, for S/MIME
certificates.
Several CAs that I am aware of are doing individual identity
verification (for S/MIME certificates) based on a Photo ID and a selfie
(showing both the Applicant and his/her Photo ID), and this latter is
not required to be taken in "real time".
I am therefore a bit surprised that all the people here agree on this
"in real time" which implies the non-compliance of current procedures
and the need to move to more complex and more expensive procedures.
Seems a bit excessive for S/MIME certificates.
Adriano
On 14/10/2022 20:12, Stephen Davidson via Smcwg-public wrote:
> *Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”*
>
> /Note: the voting period for this ballot will commence following the
> SMCWG session at the upcoming CA/B Forum face-to-face Meeting 57./
>
> *Purpose of Ballot:*
>
> The S/MIME Certificate Working Group was chartered to discuss, adopt,
> and maintain policies, frameworks, and standards for the issuance and
> management of Publicly-Trusted S/MIME Certificates. This ballot
> adopts a new “S/MIME Baseline Requirements” that includes requirements
> for verification of control over email addresses, identity validation
> for natural persons and legal entities, key management and certificate
> lifecycle, certificate profiles for S/MIME Certificates and Issuing CA
> Certificates, as well as CA operational and audit practices.
>
> An S/MIME Certificate for the purposes of this document can be
> identified by the existence of an Extended Key Usage (EKU) for
> id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a
> rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the
> subjectAltName extension in the Certificate.
>
> The following motion has been proposed by Stephen Davidson of DigiCert
> and endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.
>
> In accordance with the By-Laws, the discussion period has been
> extended with the distribution of this new version of the ballot,
> incorporating content that arose during the discussion period
> including regarding the use of suspension and updating ETSI references
> in section 8.2.
>
> *Charter Voting References*
>
> Section 5.1 (“Voting Structure”) of the SMCWG Charter says:
>
> In order for a ballot to be adopted by the SMCWG, two-thirds or more
> of the votes cast by the Certificate Issuers must be in favor of the
> ballot and more than 50% of the votes cast by the Certificate
> Consumers must be in favor of the ballot. At least one member of each
> class must vote in favor of a ballot for it to be adopted. Quorum is
> the average number of Member organizations (cumulative, regardless of
> Class) that have participated in the previous three (3) SMCWG Meetings
> or Teleconferences (not counting subcommittee meetings thereof).
>
> *— MOTION BEGINS —*
>
> This ballot adopts the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline
> Requirements”) as Version 1.0.0.
>
> The proposed S/MIME Baseline Requirements may be found at
> https://github.com/cabforum/smime/pull/178/files or the attached
> document. A redline of changes since the SMC01 Ballot discussion
> started may be found at
> https://github.com/cabforum/smime/compare/28c0b904fe54f1c5f6c71d18c4786a3e02c76f52...b1ff7867dc85392e4c57b1993ed571e61e34dee2
>
>
> The SMCWG Chair or Vice-Chair is permitted to update the Relevant
> Dates and Version Number of the S/MIME Baseline Requirements to
> reflect final dates.
>
> *— MOTION ENDS —*
>
> This ballot proposes a Final Guideline. The procedure for approval of
> this ballot is as follows:
>
> Discussion (7+ days)
>
> Start Time: 14 October 2022 14:00 ET (US Eastern)
>
> End Time: not before 21 October 2022 14:00 ET (US Eastern)
>
> Vote for approval (7 days)
>
> Start Time: To be confirmed
>
> End Time: To be confirmed
>
> IPR Review (60 days)