[Smcwg-public] Considering CAA for the S/MIME Baseline Requirements

Stephen Davidson Stephen.Davidson at digicert.com
Mon Oct 30 19:30:10 UTC 2023


Hi Bruce - that's correct.  I was linking to the current SBR for those who
aren't familiar with it.

We'll soon be looking at the draft CAA text (which is a WIP at
https://github.com/srdavidson/smime/blob/CAA/SBR.md)

Best, Stephen

From: Bruce Morton <Bruce.Morton at entrust.com> 
Sent: Monday, October 30, 2023 3:48 PM
To: Stephen Davidson <Stephen.Davidson at digicert.com>; SMIME Certificate
Working Group <smcwg-public at cabforum.org>
Subject: RE: Considering CAA for the S/MIME Baseline Requirements

Hi Stephen,

I think the wrong link was provided as the link below does not show a new
plan for CAA.

Thanks, Bruce.

From: Smcwg-public <smcwg-public-bounces at cabforum.org> On Behalf Of
Stephen Davidson via Smcwg-public
Sent: Monday, October 30, 2023 2:28 PM
To: smcwg-public at cabforum.org
Subject: [EXTERNAL] [Smcwg-public] Considering CAA for the S/MIME Baseline
Requirements

Hello:

The S/MIME Certificate Working Group (SMCWG) of the CA/Browser Forum
proposes to add a requirement for CAs issuing publicly-trusted S/MIME
certificates to implement Certificate Authority Authorization (CAA)
checking.  Public-trust CAs have used CAA for some time when issuing TLS
certificates, and the new RFC 9495
<https://www.rfc-editor.org/rfc/rfc9495.html> extends CAA with a new
property tag for "issuemail".

The benefit is that domain holders will be able to specify CAs they
authorize to issue certificates on their behalf separately for TLS and for
S/MIME.

The current plan is to allow up to 12 months for CAs to implement CAA
following publication of the amending ballot to the S/MIME Baseline
Requirements <https://github.com/cabforum/smime/blob/main/SBR.md>.

The SMCWG is now starting work on that amending ballot.  We encourage both
Certificate Issuers as well as PKI application software providers involved
in issuing S/MIME certificates to become familiar with RFC 9495, and welcome
feedback on the pending requirement and implementation timeframe.

With kind regards,

Stephen Davidson
Chair, S/MIME Certificate Working Group
