[Smcwg-public] Approved Minutes of SMCWG September 27, 2023

Stephen Davidson Stephen.Davidson at digicert.com
Tue Oct 24 18:57:04 UTC 2023


Minutes of SMCWG


September 27, 2023

 

These are the Approved Minutes of the Teleconference described in the
subject of this message. Corrections and clarifications where needed are
encouraged by reply.


Attendees 


Abhishek Bhat - (eMudhra), Andrea Holland - (VikingCloud), Andreas Henschel
- (D-TRUST), Ashish Dhiman - (GlobalSign), Ben Wilson - (Mozilla), Bilal
Ashraf - (SSL.com), Cade Cairns - (Google), Clint Wilson - (Apple), Hazhar
Ismail - (MSC Trustgate Sdn Bhd), Inaba Atsushi - (GlobalSign), Inigo
Barreira - (Sectigo), Judith Spencer - (CertiPath), Keshava Nagaraju -
(eMudhra), Li-Chun Chen - (Chunghwa Telecom), Mrugesh Chandarana -
(IdenTrust), Nome Huang - (TrustAsia Technologies, Inc.), Paul van
Brouwershaven - (Entrust), Pekka Lahtiharju - (Telia Company), Rebecca
Kelley - (Apple), Renne Rodriguez - (Apple), Rollin Yu - (TrustAsia
Technologies, Inc.), Russ Housley - (Vigil Security LLC), Scott Rea -
(eMudhra), Stefan Selbitschka - (rundQuadrat), Stephen Davidson -
(DigiCert), Tadahiko Ito - (SECOM Trust Systems), Thomas Zermeno -
(SSL.com), Tim Crawford - (CPA Canada/WebTrust), Tsung-Min Kuo - (Chunghwa
Telecom), Wendy Brown - (US Federal PKI Management Authority), Yashwanth TM
- (eMudhra)


1. Roll Call


The Roll Call was taken.


2. Read Antitrust Statement


The statement was read concerning the antitrust policy, code of conduct, and
intellectual property rights agreement.


3. Review Agenda


Minutes were prepared by Stephen Davidson.


4. Approval of minutes from last teleconference


The minutes were approved from the following teleconferences:

- September 13


5. Discussion 


Russ Housley noted that the draft RFC for CAA for S/MIME was approaching
conclusion and publication.  Stephen Davidson said that, once the RFC was
published, the SMCWG would move to introduce a ballot requiring CAA for
S/MIME with a long implementation window.

 

Russ also noted that a new RFC was underway that would replace the one
referenced for otherName of type id-on-SmtpUTF8Mailbox.

 

Stephen again noted the issues list is being actively updated at
https://github.com/cabforum/smime/issues and encouraged
SMCWG members to comment there.  He is working on a draft SMC04 ballot of
further corrections which may be seen at
https://github.com/srdavidson/smime/blob/Ballot-SMC04/SBR.md.

 

The WG discussed proposed text to incorporate intermediate CAs in the
definition of Extant S/MIME CA.  

 

Stephen noted an email sent to the list by Martijn Katerbarg describing that
backdating of revocations was now permitted in both the Code Signing and TLS
BR, but is not described in the S/MIME BR.  Clint Wilson said he had no
strong objection to adding this allowance, as it would not block a user from
accessing old emails. Russ noted that the CS and TLS BR vary in their
description of invalidityDate versus revocationDate.  Scott Rea said it is
unknown if email software is generally aware of the invalidityDate extension
but clear standards might make it more attractive.  

 

Wendy Brown said that email software UI is often not specific about
"problems relating the certificate" including expiry and revocation and
wondered if such a requirement should be expressed as a MAY rather than a
SHOULD.  

 

Paul van Brouwershaven and Stefan Selbitschka said that email software
treated time stamps loosely so the effectiveness of revocation times was
reduced. Stephen asked if the WG had any sway to affect those industry
standards, other than to ensure that revocation times were as accurate as
possible.

 

Stephen described proposed text in the draft SMC04 which requires "the
proper stacking" of address fields (for example, only allowing streetAddress
if locality or state was present).  No objections were raised.

 

Stephen described proposed text in the draft SMC04 to reference the new ETSI
TS 119 411-6 in sections 8.4 and 8.6.  He said he would also share it with
ACAB'c, and no objections were raised.

 

Stephen described proposed text in the draft SMC04 to clarify the keyUsage
table.  No objections were raised.

 

The WG discussed the agenda for the CABF #60 meeting.  Topics included
Pseudonym, organisationIdentifier and jurisdiction level setting, CAA for
S/MIME.  Other possible topics raised included extensions showing ERA
involvement, attestation of keys, and whether to adopt a table format such
as recently introduced to the TLS BR in ballot SC62.  Clint noted that he
would like the deprecation timeline for the Legacy generation to be
discussed.

 

Ben Wilson noted that he welcomed suggestions from Certificate Issuers that
might be considered for the roadmap of email client software.

 


6. Any Other Business


 

None


7. Next call


Next call: Thursday, October 5, 2023 at the CABF#60, see wiki for details.


Adjourned


 
