[Smcwg-public] Considering CAA for the S/MIME Baseline Requirements

[Bruce Morton]

Hi Stephen,

I think the wrong link was provided as the link below does not show a new plan for CAA.

Thanks, Bruce.

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of Stephen Davidson via Smcwg-public
Sent: Monday, October 30, 2023 2:28 PM
To: smcwg-public at cabforum.org
Subject: [EXTERNAL] [Smcwg-public] Considering CAA for the S/MIME Baseline Requirements

Hello: The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum proposes to add a requirement for CAs issuing publicly-trusted S/MIME certificates to implement Certificate Authority Authorization (CAA) checking. Public-trust CAs

Hello:

The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum proposes to add a requirement for CAs issuing publicly-trusted S/MIME certificates to implement Certificate Authority Authorization (CAA) checking.  Public-trust CAs have used CAA for some time when issuing TLS certificates, and the new RFC 9495<https://urldefense.com/v3/__https:/www.rfc-editor.org/rfc/rfc9495.html__;!!FJ-Y8qCqXTj2!cxBboQwU7IpUNEaKjUUpJaea6MkJIm9dLTq7n_1lsnGZmwywk-cyTq4vn9KXkp5We--bzxjtfx0Y5bkcpfxPavcRU1yA$> extends CAA with a new property tag for "issuemail".

The benefit is that domain holders will be able to specify CAs they authorize to issue certificates on their behalf separately for TLE and for S/MIME.

The current plan is to allow up to 12 months for CAs to implement CAA following publication of the amending ballot to the S/MIME Baseline Requirements<https://urldefense.com/v3/__https:/github.com/cabforum/smime/blob/main/SBR.md__;!!FJ-Y8qCqXTj2!cxBboQwU7IpUNEaKjUUpJaea6MkJIm9dLTq7n_1lsnGZmwywk-cyTq4vn9KXkp5We--bzxjtfx0Y5bkcpfxPanQGMIBF$>.

The SMCWG is now starting work on that amending ballot.  We encourage both Certificate Issuers as well as PKI application software providers involved in issuing S/MIME certificates to become familiar with RFC 9495, and welcome feedback on the pending requirement and implementation timeframe.

With kind regards,
Stephen Davidson
Chair, S/MIME Certificate Working Group

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/smcwg-public/attachments/20231030/b73ee939/attachment-0001.html>