[Smcwg-public] Vote for Approval - Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”

[Tim Hollebeek]

DigiCert votes YES on SMC01v3.

The current text is based on extensive discussions over the last year, including long discussions of the exact topics that were raised at the last minute.

The requirements are now aligned with the current best practices from ETSI for validation at the NCP level.  Further reductions in the validation level will only call into question the value of including identities in S/MIME certificates, resulting in a world where people are represented only by their email addresses, and not their identities.

-Tim

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Stephen Davidson via Smcwg-public
Sent: Tuesday, October 25, 2022 10:40 AM
To: smcwg-public at cabforum.org
Subject: [Smcwg-public] Vote for Approval - Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”

Ballot SMC01v3: Final Guideline for “S/MIME Baseline Requirements”

Purpose of Ballot:
The S/MIME Certificate Working Group was chartered to discuss, adopt, and maintain policies, frameworks, and standards for the issuance and management of Publicly-Trusted S/MIME Certificates.  This ballot adopts a new “S/MIME Baseline Requirements” that includes requirements for verification of control over email addresses, identity validation for natural persons and legal entities, key management and certificate lifecycle, certificate profiles for S/MIME Certificates and Issuing CA Certificates, as well as CA operational and audit practices.

An S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key Usage (EKU) for id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the subjectAltName extension in the Certificate.

The following motion has been proposed by Stephen Davidson of DigiCert and endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.

— MOTION BEGINS —

This ballot adopts the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”) as Version 1.0.0.
The proposed S/MIME Baseline Requirements may be found at https://github.com/cabforum/smime/pull/178/files or the attached document.
The SMCWG Chair or Vice-Chair is permitted to update the Relevant Dates and Version Number of the S/MIME Baseline Requirements to reflect final dates.

— MOTION ENDS —

This ballot proposes a Final Guideline. The procedure for approval of this ballot is as follows:

Discussion (7+ days)
Start Time: 14 October 2022 18:00 UTC
End Time: not before 21 October 2022 18:00 UTC

Vote for approval (7 days)
Start Time: 25 October 2022, 14:00 UTC
End Time: 1 November 2022, 14:00 UTC

IPR Review (60 days)

Charter Voting References:
Section 5.1 (“Voting Structure”) of the SMCWG Charter says:

In order for a ballot to be adopted by the SMCWG, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three (3) SMCWG Meetings or Teleconferences (not counting subcommittee meetings thereof).


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20221025/0d2794a4/attachment.html>