[Smcwg-public] Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”

Wiedenhorst, Matthias M.Wiedenhorst at tuvit.de
Thu Sep 15 08:38:58 UTC 2022

Dear Stephen, Dear all,
I just realized one issue with regard to auditing and I am very sorry that I didn’t realize it earlier in one of the many times I read through the draft during its creation.
In section 8.2, number 4 it is written: "(For audits conducted in accordance with any one of the ETSI standards)accredited in accordance with ISO 17065 applying the requirements specified in ETSI EN 319 403;" However, since some time the ETSI EN 319 403-1 has been released as successor of 319 403. At the time being, both versions are valid and can be used for CAB accreditation. I assume most CAB’s are on their way to migrate accreditation to the newer 403-1, some have already finished. Hence, section 8.2 number 4 should be amended as follows:
"(For audits conducted in accordance with any one of the ETSI standards)accredited in accordance with ISO 17065 applying the requirements specified in ETSI EN 319 403 or ETSI EN 319 403-1;"
In addition, a reference to the new version should be added to section 1.6.3:
“ETSI EN 319 403-1, Electronic Signatures and Infrastructures (ESI); Trust Service Provider Conformity Assessment; Part 1:‐ Requirements for conformity assessment bodies assessing Trust Service Providers”

I also noticed one other thing:
In the provided PDF there are some sections with tables, where text of the first two columns partly overlay each other. I found examples in sections e), and I realize that this is only an issue of presentation and not of content, but nevertheless, maybe there is a way to fix it.
Best regards

Von: Smcwg-public <smcwg-public-bounces at cabforum.org> Im Auftrag von Stephen Davidson via Smcwg-public
Gesendet: Donnerstag, 8. September 2022 09:03
An: smcwg-public at cabforum.org
Betreff: [Smcwg-public] Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”

Ballot SMC01: Final Guideline for “S/MIME Baseline Requirements”

Purpose of Ballot:

The S/MIME Certificate Working Group was chartered to discuss, adopt, and maintain policies, frameworks, and standards for the issuance and management of Publicly-Trusted S/MIME Certificates.  This ballot adopts a new “S/MIME Baseline Requirements” that includes requirements for verification of control over email addresses, identity validation for natural persons and legal entities, key management and certificate lifecycle, certificate profiles for S/MIME Certificates and Issuing CA Certificates, as well as CA operational and audit practices.

An S/MIME Certificate for the purposes of this document can be identified by the existence of an Extended Key Usage (EKU) for id-kp-emailProtection (OID: and the inclusion of a rfc822Name or an otherName of type id-on-SmtpUTF8Mailbox in the subjectAltName extension in the Certificate.

The following motion has been proposed by Stephen Davidson of DigiCert and endorsed by Martijn Katerbarg of Sectigo and ­­­Ben Wilson of Mozilla.

Charter Voting References

Section 5.1 (“Voting Structure”)<https://github.com/cabforum/servercert/blob/e6ad111f4477010cbff409cd939c5ac1c7c85ccc/docs/SMCWG-charter.md#51-voting-structure> of the SMCWG Charter says:

In order for a ballot to be adopted by the SMCWG, two-thirds or more of the votes cast by the Certificate Issuers must be in favor of the ballot and more than 50% of the votes cast by the Certificate Consumers must be in favor of the ballot. At least one member of each class must vote in favor of a ballot for it to be adopted. Quorum is the average number of Member organizations (cumulative, regardless of Class) that have participated in the previous three (3) SMCWG Meetings or Teleconferences (not counting subcommittee meetings thereof).


This ballot adopts the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”) as Version 1.0.0.

The proposed S/MIME Baseline Requirements may be found at https://github.com/cabforum/smime/compare/7b3ab3c55dd92052a8dc0d4f85a2ac26269c222e...28c0b904fe54f1c5f6c71d18c4786a3e02c76f52 or the attached document.

The SMCWG Chair or Vice-Chair is permitted to update the Relevant Dates and Version Number of the S/MIME Baseline Requirements to reflect final dates.


This ballot proposes a Final Guideline. The procedure for approval of this ballot is as follows:

Discussion (7+ days)
Start Time: 8 September 2022 17:00 UTC
End Time: 15 September 2022 17:00 UTC

Vote for approval (7 days)
Start Time: 15 September 2022 17:00 UTC
End Time: 22 September 2022 17:00 UTC

IPR Review (60 days)

Sitz der Gesellschaft/Headquarter: TÜV Informationstechnik GmbH * Am TÜV 1 * 45307 Essen, Germany
Registergericht/Register Court: Amtsgericht/Local Court Essen * HRB 11687 * USt.-IdNr./VAT No.: DE 176132277 * Steuer-Nr./Tax No.: 111/57062251
Geschäftsführung/Management Board: Dirk Kretzschmar

Expertise for your Success

Please visit our website: www.tuv-nord.com<http://www.tuv-nord.com>
Besuchen Sie unseren Internetauftritt: www.tuev-nord.de<http://www.tuev-nord.de>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20220915/cc5bc736/attachment-0001.html>

More information about the Smcwg-public mailing list