[Smcwg-public] Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Tue Sep 13 15:46:04 UTC 2022
I agree with the assessment that the NCSSRs mostly related to TLS. This
means that for certificate types not related to existing CA/B Forum
Guidelines (TLS, Code Signing), some CAs might find it really surprising
having to implement the entirety of the NCSSRs, especially the
air-gapped/offline RootCA requirements for S/MIME hierarchies.
It's also very challenging for a CA to implement a roll-over S/MIME
hierarchy (with an air-gapped/offline Root CA) within 3-6 months and
complete Root inclusion requests, get ubiquity and so on.
Dear Hongquan, is this the major concern or you see other issues with
the adoption of the NCSSRs for S/MIME hierarchies in the SMBRs?
On 13/9/2022 2:40 μ.μ., Hongquan Yin via Smcwg-public wrote:
> After sharing the guideline to more people in Microsoft, we have some
> feedback regarding below line:
> “6.7 Network security controls
> The CA/Browser Forum’s Network and Certificate System Security
> Requirements are incorporated by reference as if fully set forth herein.”
> While the goal of the NCSSR’s is to be certificate agnostic, the
> history is mostly related to TLS. There’s a risk that a requirement
> has already been implemented or could be implemented that would
> conflict with S/MIME requirements. We would recommend adding a
> statement that if there are any conflicts, that the S/MIME Baseline
> Requirements take precedence.
> Possibly add a sentence such as: “In the event of a conflict between
> the S/MIME BRs and the NCSSRs, the S/MIME BRs will take precedence.”
> Thank you for considering the change.
> *Ho*ngquan *Yi*n
> *From:* Smcwg-public <smcwg-public-bounces at cabforum.org> *On Behalf Of
> *Stephen Davidson via Smcwg-public
> *Sent:* Thursday, September 8, 2022 3:03 PM
> *To:* smcwg-public at cabforum.org
> *Subject:* [EXTERNAL] [Smcwg-public] Ballot SMC01: Final Guideline for
> “S/MIME Baseline Requirements”
> *Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements” ***
> *Purpose of Ballot:*
> The S/MIME Certificate Working Group was chartered to discuss, adopt,
> and maintain policies, frameworks, and standards for the issuance and
> management of Publicly-Trusted S/MIME Certificates. This ballot
> adopts a new “S/MIME Baseline Requirements” that includes requirements
> for verification of control over email addresses, identity validation
> for natural persons and legal entities, key management and certificate
> lifecycle, certificate profiles for S/MIME Certificates and Issuing CA
> Certificates, as well as CA operational and audit practices.
> An S/MIME Certificate for the purposes of this document can be
> identified by the existence of an Extended Key Usage (EKU) for
> id-kp-emailProtection (OID: 220.127.116.11.18.104.22.168.4) and the inclusion of a
> rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the
> subjectAltName extension in the Certificate.
> The following motion has been proposed by Stephen Davidson of DigiCert
> and endorsed by Martijn Katerbarg of Sectigo and Ben Wilson of Mozilla.
> *Charter Voting References*
> Section 5.1 (“Voting Structure”)
> the SMCWG Charter says:
> In order for a ballot to be adopted by the SMCWG, two-thirds or more
> of the votes cast by the Certificate Issuers must be in favor of the
> ballot and more than 50% of the votes cast by the Certificate
> Consumers must be in favor of the ballot. At least one member of each
> class must vote in favor of a ballot for it to be adopted. Quorum is
> the average number of Member organizations (cumulative, regardless of
> Class) that have participated in the previous three (3) SMCWG Meetings
> or Teleconferences (not counting subcommittee meetings thereof).
> *— MOTION BEGINS —**
> This ballot adopts the “Baseline Requirements for the Issuance and
> Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline
> Requirements”) as Version 1.0.0.
> The proposed S/MIME Baseline Requirements may be found at
> or the attached document.
> The SMCWG Chair or Vice-Chair is permitted to update the Relevant
> Dates and Version Number of the S/MIME Baseline Requirements to
> reflect final dates.
> *— MOTION ENDS —**
> This ballot proposes a Final Guideline. The procedure for approval of
> this ballot is as follows:
> Discussion (7+ days)
> Start Time: 8 September 2022 17:00 UTC
> End Time: 15 September 2022 17:00 UTC
> Vote for approval (7 days)
> Start Time: 15 September 2022 17:00 UTC
> End Time: 22 September 2022 17:00 UTC
> IPR Review (60 days)
> Smcwg-public mailing list
> Smcwg-public at cabforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Smcwg-public