[Smcwg-public] Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue Sep 13 10:24:47 UTC 2022
After a more detailed review by the HARICA team, we noticed some areas
of concern that we hope will be considered for update by the authors and
endorsers of this ballot.
  * 7.1.2.3 c
      o authorityInformationAccess (*SHALL* be present) ->
        authorityInformationAccess (*SHOULD* be present) [Rationale:
        OCSP is not currently required for S/MIME Certificates by all
        Certificate Consumers. Only Microsoft Root Program requires it
        and perhaps this is due to a copy-over from the TLS BRs without
        performing a technical analysis specifically on S/MIME or
        clientAuth or codeSigning Certificates. The CSCWG already
        removed the requirement for OCSP in Subscriber Certificates in
        the CSBRs].
      o The authorityInformationAccess extension *SHALL* contain at
        least one accessMethod value of type id-ad-ocsp that specifies
        the URI of the Issuing CA’s OCSP responder. -> The
        authorityInformationAccess extension *MAY* contain at least one
        accessMethod value of type id-ad-ocsp that specifies the URI of
        the Issuing CA’s OCSP responder. [Rationale: same as above]
  * 7.1.4.2.4 Subject DN attributes for organization-validated profile
    and 7.1.4.2.5 Subject DN attributes for sponsor-validated profile
    subject:countryName *MAY* -> subject:countryName *SHALL*
    [Rationale: Organization Names must contain a Country Name to
    indicate where this Organization is located. This applies to the
    organization-validated and the sponsor-validated profile. It is also
    referenced in Appendix A - Registration Schemes]
Thank you,
Dimitris.
On 8/9/2022 10:03 a.m., Stephen Davidson via Smcwg-public wrote:
>
> *Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”*
>
> *Purpose of Ballot:*
>
> The S/MIME Certificate Working Group was chartered to discuss, adopt,
> and maintain policies, frameworks, and standards for the issuance and
> management of Publicly-Trusted S/MIME Certificates. This ballot
> adopts a new “S/MIME Baseline Requirements” that includes requirements
> for verification of control over email addresses, identity validation
> for natural persons and legal entities, key management and certificate
> lifecycle, certificate profiles for S/MIME Certificates and Issuing CA
> Certificates, as well as CA operational and audit practices.
>
> An S/MIME Certificate for the purposes of this document can be
> identified by the existence of an Extended Key Usage (EKU) for
> id-kp-emailProtection (OID: 1.3.6.1.5.5.7.3.4) and the inclusion of a
> rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the
> subjectAltName extension in the Certificate.
>
> The following motion has been proposed by Stephen Davidson of DigiCert
> and endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.
>
> *Charter Voting References*
>
> Section 5.1 (“Voting Structure”)
> <https://github.com/cabforum/servercert/blob/e6ad111f4477010cbff409cd939c5ac1c7c85ccc/docs/SMCWG-charter.md#51-voting-structure>
> of the SMCWG Charter says:
>
> In order for a ballot to be adopted by the SMCWG, two-thirds or more
> of the votes cast by the Certificate Issuers must be in favor of the
> ballot and more than 50% of the votes cast by the Certificate
> Consumers must be in favor of the ballot. At least one member of each
> class must vote in favor of a ballot for it to be adopted. Quorum is
> the average number of Member organizations (cumulative, regardless of
> Class) that have participated in the previous three (3) SMCWG Meetings
> or Teleconferences (not counting subcommittee meetings thereof).
>
> *— MOTION BEGINS —*
>
> This ballot adopts the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline
> Requirements”) as Version 1.0.0.
>
> The proposed S/MIME Baseline Requirements may be found at
> https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52
> or the attached document.
>
> The SMCWG Chair or Vice-Chair is permitted to update the Relevant
> Dates and Version Number of the S/MIME Baseline Requirements to
> reflect final dates.
>
> *— MOTION ENDS —*
>
> This ballot proposes a Final Guideline. The procedure for approval of
> this ballot is as follows:
>
> Discussion (7+ days)
> Start Time: 8 September 2022 17:00 UTC
> End Time: 15 September 2022 17:00 UTC
>
> Vote for approval (7 days)
> Start Time: 15 September 2022 17:00 UTC
> End Time: 22 September 2022 17:00 UTC
>
> IPR Review (60 days)
>
>
> _______________________________________________
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/smcwg-public