Re: [cabfpub] Ballot Forum-14 version 2: Creation of S/MIME Certificates Working Group

[Tim Hollebeek via Public]

Some people may find the following link more useful for review purposes,
since the github redline tends to obscure the fact that there's only one
file, and it's entirely new:

 

https://github.com/cabforum/documents/blob/e6ad111f4477010cbff409cd939c5ac1c
7c85ccc/docs/SMCWG-charter.md

 

-Tim

 

From: Public  On Behalf Of Tim Hollebeek via
Public
Sent: Monday, June 1, 2020 4:40 PM
To: CABforum1 
Subject: [cabfpub] Ballot Forum-14 version 2: Creation of S/MIME
Certificates Working Group

 

The following ballot is proposed by Tim Hollebeek of DigiCert and endorsed
by Wayne Thayer of Mozilla and Clint Wilson of Apple.

 

Ballot Forum-14: Creation of S/MIME Certificates Working Group

 

Purpose of the Ballot

 

The CA/Browser Forum underwent a two-year long governance reform exercise,
modifying the Bylaws to allow the creation of working groups that covered
topics other than server certificates.  While originally motivated by the
inability to maintain requirements for code signing certificates, it was
anticipated from the start that this would also provide an opportunity to
create other working groups that could develop and maintain certificate
profiles and requirements for other kinds of certificates.  While a number
of regional and technical standards exist regarding the creation and
issuance of S/MIME certificates, there is no current global forum for
certificate authorities and those who consume or use S/MIME certificates to
come together and develop and maintain policies and standards for those
certificates.  This lack of standards has impeded the adoption and
interoperability of S/MIME certificate worldwide.  This ballot would
establish a working group chartered to develop and maintain such standards
for S/MIME certificates, including but not limited to two important
priorities: a uniform certificate profile for the issuance of
publicly-trusted S/MIME certificates, and validation requirements for such
certificates.

 

-- MOTION BEGINS -

 

Establish S/MIME Certificates Working Group

 

Upon approval of the CAB Forum by ballot in accordance with section 5.3 of
the Bylaws, the S/MIME Certificates Working Group ("SMWG") is created to
perform the activities as specified in the Charter, with the Charter as
described here
(https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b
189f46fc636...e6ad111f4477010cbff409cd939c5ac1c7c85ccc).

 

 

- MOTION ENDS-

 

The procedure for approval of this ballot is as follows:

 

Discussion (7+ days)

 

Start Time: 2020-06-01  16:40:00 EDT

 

End Time: after 2020-06-08 16:40:00 EDT

 

Vote for approval (7 days)

 

Start Time: TBD

 

End Time: TBD

 

 



smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

[cabfpub] Ballot Forum-14 version 2: Creation of S/MIME Certificates Working Group

[Tim Hollebeek via Public]

The following ballot is proposed by Tim Hollebeek of DigiCert and endorsed
by Wayne Thayer of Mozilla and Clint Wilson of Apple.

 

Ballot Forum-14: Creation of S/MIME Certificates Working Group

 

Purpose of the Ballot

 

The CA/Browser Forum underwent a two-year long governance reform exercise,
modifying the Bylaws to allow the creation of working groups that covered
topics other than server certificates.  While originally motivated by the
inability to maintain requirements for code signing certificates, it was
anticipated from the start that this would also provide an opportunity to
create other working groups that could develop and maintain certificate
profiles and requirements for other kinds of certificates.  While a number
of regional and technical standards exist regarding the creation and
issuance of S/MIME certificates, there is no current global forum for
certificate authorities and those who consume or use S/MIME certificates to
come together and develop and maintain policies and standards for those
certificates.  This lack of standards has impeded the adoption and
interoperability of S/MIME certificate worldwide.  This ballot would
establish a working group chartered to develop and maintain such standards
for S/MIME certificates, including but not limited to two important
priorities: a uniform certificate profile for the issuance of
publicly-trusted S/MIME certificates, and validation requirements for such
certificates.

 

-- MOTION BEGINS -

 

Establish S/MIME Certificates Working Group

 

Upon approval of the CAB Forum by ballot in accordance with section 5.3 of
the Bylaws, the S/MIME Certificates Working Group ("SMWG") is created to
perform the activities as specified in the Charter, with the Charter as
described here
(https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b
189f46fc636...e6ad111f4477010cbff409cd939c5ac1c7c85ccc).

 

 

- MOTION ENDS-

 

The procedure for approval of this ballot is as follows:

 

Discussion (7+ days)

 

Start Time: 2020-06-01  16:40:00 EDT

 

End Time: after 2020-06-08 16:40:00 EDT

 

Vote for approval (7 days)

 

Start Time: TBD

 

End Time: TBD

 

 



smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] Ballot Forum-14: Creation of S/MIME Certificates Working Group

[Tim Hollebeek via Public]

Thank you.

 

-Tim

 

From: Ryan Sleevi  
Sent: Monday, June 1, 2020 3:17 PM
To: Tim Hollebeek ; CABforum1 
Subject: Re: [cabfpub] Ballot Forum-14: Creation of S/MIME Certificates Working 
Group

 

Note: This is missing the feedback from Apple, which landed in 
https://github.com/cabforum/documents/pull/167/commits/e6ad111f4477010cbff409cd939c5ac1c7c85ccc

 

You could probably restart discussion with things as

 

https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b189f46fc636...e6ad111f4477010cbff409cd939c5ac1c7c85ccc

 

and shifted to 15:30 EDT (or 16:00 EDT), depending on when you get this :)

 

On Mon, Jun 1, 2020 at 3:04 PM Tim Hollebeek via Public mailto:public@cabforum.org> > wrote:

I believe the most recent attempt to post this was swallowed by CABForum mailer 
issues that were fixed today.  Reposting:

 

The following ballot is proposed by Tim Hollebeek of DigiCert and endorsed by 
Wayne Thayer of Mozilla and Clint Wilson of Apple.

 

Ballot Forum-14: Creation of S/MIME Certificates Working Group

 

Purpose of the Ballot

 

The CA/Browser Forum underwent a two-year long governance reform exercise, 
modifying the Bylaws to allow the creation of working groups that covered 
topics other than server certificates.  While originally motivated by the 
inability to maintain requirements for code signing certificates, it was 
anticipated from the start that this would also provide an opportunity to 
create other working groups that could develop and maintain certificate 
profiles and requirements for other kinds of certificates.  While a number of 
regional and technical standards exist regarding the creation and issuance of 
S/MIME certificates, there is no current global forum for certificate 
authorities and those who consume or use S/MIME certificates to come together 
and develop and maintain policies and standards for those certificates.  This 
lack of standards has impeded the adoption and interoperability of S/MIME 
certificate worldwide.  This ballot would establish a working group chartered 
to develop and maintain such standards for S/MIME certificates, including but 
not limited to two important priorities: a uniform certificate profile for the 
issuance of publicly-trusted S/MIME certificates, and validation requirements 
for such certificates.

 

-- MOTION BEGINS –

 

Establish S/MIME Certificates Working Group

 

Upon approval of the CAB Forum by ballot in accordance with section 5.3 of the 
Bylaws, the S/MIME Certificates Working Group (“SMWG”) is created to perform 
the activities as specified in the Charter, with the Charter as described here 
(https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b189f46fc636...c274e89f79442c12f3c75c778ae4eadaa6403dda).

 

— MOTION ENDS—

 

The procedure for approval of this ballot is as follows:

 

Discussion (7+ days)

 

Start Time: 2020-06-01  15:00:00 EDT

 

End Time: after 2020-06-08 15:00:00 EDT

 

Vote for approval (7 days)

 

Start Time: TBD

 

End Time: TBD

 

___
Public mailing list
Public@cabforum.org  
https://lists.cabforum.org/mailman/listinfo/public



smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

Re: [cabfpub] Final Minutes for CA/Browser Forum Teleconference - May 14, 2020

[Jos Purvis (jopurvis) via Public]

Published! In addition, it appears that the minutes from 2020-04-16 and 
2020-04-30 disappeared during the site migration, so I have restored those 
posts as well.

 

 

-- 
Jos Purvis (jopur...@cisco.com)
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | Controls and Trust Verification

 

 

From: Public  on behalf of CA/B Forum Public List 

Reply-To: "Dimitris Zacharopoulos (HARICA)" , CA/B Forum 
Public List 
Date: Monday, June 1, 2020 at 2:39 PM
To: CA/B Forum Public List 
Subject: [cabfpub] Final Minutes for CA/Browser Forum Teleconference - May 14, 
2020

 

 

These are the Final Minutes of the Teleconference described in the subject of 
this message. 
Attendees (in alphabetical order)
Adam Clark (Visa), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce Morton 
(Entrust Datacard), Clint Wilson (Apple), Corey Bonnell (SecureTrust), Chris 
Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean Coclin (Digicert), Dimitris 
Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback 
(Microsoft), Enrico Entschew (D-TRUST), Inaba Atsushi (GlobalSign), Janet Hines 
(SecureTrust), Jos Purvis (Cisco Systems), Li-Chun Chen (Chunghwa Telecom), 
Mads Henriksveen (Buypass AS), Michael Guenther (SwissSign), Mike Reilly 
(Microsoft), Neil Dunbar (TrustCor Systems), Niko Carpenter (SecureTrust), 
Patrick Nohe (GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic 
(Disig), Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), 
Shelley Brewer (Digicert), Stephen Davidson (Quo Vadis), Taconis Lewis (US 
Federal PKI Management Authority), Thanos Vrachnos (SSL.com), Tim Hollebeek 
(Digicert), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White 
(Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal PKI Management 
Authority). 
Minutes 
1. Roll Call
The Chair took attendance. 
2. Read Antitrust Statement
The Antitrust Statement was read. 
3. Review Agenda
Accepted without changes. Enrico volunteered to take minutes on the next call.
4. Approval of minutes from previous teleconference
Accepted without objections. 
5. Forum Infrastructure Subcommittee update
Jos gave the reports.
On the issue of migrating the mailers and web site, the subcommittee will make 
progress with the web site first.
On the issue of pandoc formatted BRs, Jos will proceed with making changes to 
the "Travis" configuration to autobuild with the new pandoc.
WebEx demoing various options. Evaluated default and existing meeting options 
with Dimitris and tested various scenarios. We did not have a chance to 
evaluate other types of webex meetings because they were not available in our 
subscription.
Migration of webex. The URL is changing and cabf.cabforum.org is the new URL. 
Chairs and Vice Chairs of subcommittees should ask for an account and schedule 
new meetings. Don't forget to update the associated wiki page with the new 
meeting information.
Tim asked about the calendar invites on the old system. Jos replied that the 
old WebEx account will disappear in June.

The draft minutes of that particular Subcommittee meeting are available at the 
following URL:
https://lists.cabforum.org/pipermail/infrastructure/2020-May/000229.html 
6. Code Signing Working Group update
Dean: The merged document is ready to proceed. They also created a prioritized 
list of parking lot items, and will work with the top 5 things. The SC added a 
code signing wiki page with this information. Draft document with mark-ups and 
parking lot items are added to that wiki.

Next plan is to put this document up for a ballot. Dimitris asked if this would 
be considered a new Guideline, thus requiring 60 days of IPR review or an 
update to an existing guideline, thus requiring 30 days of IPR review. Dean 
said they will add it to the agenda for next meeting. Tim proposed to update of 
one of the two. Dean will explore these options. Sunsetting one document makes 
sense and  Ryan thinks 30 days is ok with calling this "merge" a maintenance 
guideline.
7.  New S/MIME WG Charter
This was now supposed to be in the discussion period but due to a technical 
issue with the ballot redline link, it is not a correct ballot. Tim will have 
to restart the discussion period by posting the proper "immutable" redline 
link, if this is supposed to be the normative ballot text. 
Tim mentioned that there is one last thing being discussed about root 
certificates that are not publicly trusted and which should be out of scope. 
There are concerns raised by Ryan that he is trying to understand.

Ryan said that the way this is written, what seems to be documented as out of 
scope can easily be presented differently to be in scope. He asked what is it 
that we're trying to prevent. This language also prevents things we want to 
address. FPKI schemes and policy seems that they cannot be discussed. There was 
also a change in the introduction of the ballot.

Tim thinks that the current language does not prohibit that. The WG should not 

Re: [cabfpub] Ballot Forum-14: Creation of S/MIME Certificates Working Group

[Ryan Sleevi via Public]

Note: This is missing the feedback from Apple, which landed in
https://github.com/cabforum/documents/pull/167/commits/e6ad111f4477010cbff409cd939c5ac1c7c85ccc

You could probably restart discussion with things as

https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b189f46fc636...e6ad111f4477010cbff409cd939c5ac1c7c85ccc

and shifted to 15:30 EDT (or 16:00 EDT), depending on when you get this :)

On Mon, Jun 1, 2020 at 3:04 PM Tim Hollebeek via Public 
wrote:

> I believe the most recent attempt to post this was swallowed by CABForum
> mailer issues that were fixed today.  Reposting:
>
>
>
> The following ballot is proposed by Tim Hollebeek of DigiCert and endorsed
> by Wayne Thayer of Mozilla and Clint Wilson of Apple.
>
>
>
> Ballot Forum-14: Creation of S/MIME Certificates Working Group
>
>
>
> Purpose of the Ballot
>
>
>
> The CA/Browser Forum underwent a two-year long governance reform exercise,
> modifying the Bylaws to allow the creation of working groups that covered
> topics other than server certificates.  While originally motivated by the
> inability to maintain requirements for code signing certificates, it was
> anticipated from the start that this would also provide an opportunity to
> create other working groups that could develop and maintain certificate
> profiles and requirements for other kinds of certificates.  While a number
> of regional and technical standards exist regarding the creation and
> issuance of S/MIME certificates, there is no current global forum for
> certificate authorities and those who consume or use S/MIME certificates to
> come together and develop and maintain policies and standards for those
> certificates.  This lack of standards has impeded the adoption and
> interoperability of S/MIME certificate worldwide.  This ballot would
> establish a working group chartered to develop and maintain such standards
> for S/MIME certificates, including but not limited to two important
> priorities: a uniform certificate profile for the issuance of
> publicly-trusted S/MIME certificates, and validation requirements for such
> certificates.
>
>
>
> -- MOTION BEGINS –
>
>
>
> Establish S/MIME Certificates Working Group
>
>
>
> Upon approval of the CAB Forum by ballot in accordance with section 5.3 of
> the Bylaws, the S/MIME Certificates Working Group (“SMWG”) is created to
> perform the activities as specified in the Charter, with the Charter as
> described here (
> https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b189f46fc636...c274e89f79442c12f3c75c778ae4eadaa6403dda
> ).
>
>
>
> — MOTION ENDS—
>
>
>
> The procedure for approval of this ballot is as follows:
>
>
>
> Discussion (7+ days)
>
>
>
> Start Time: 2020-06-01  15:00:00 EDT
>
>
>
> End Time: after 2020-06-08 15:00:00 EDT
>
>
>
> Vote for approval (7 days)
>
>
>
> Start Time: TBD
>
>
>
> End Time: TBD
>
>
> ___
> Public mailing list
> Public@cabforum.org
> https://lists.cabforum.org/mailman/listinfo/public
>
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

[cabfpub] Ballot Forum-14: Creation of S/MIME Certificates Working Group

[Tim Hollebeek via Public]

I believe the most recent attempt to post this was swallowed by CABForum
mailer issues that were fixed today.  Reposting:

 

The following ballot is proposed by Tim Hollebeek of DigiCert and endorsed
by Wayne Thayer of Mozilla and Clint Wilson of Apple.

 

Ballot Forum-14: Creation of S/MIME Certificates Working Group

 

Purpose of the Ballot

 

The CA/Browser Forum underwent a two-year long governance reform exercise,
modifying the Bylaws to allow the creation of working groups that covered
topics other than server certificates.  While originally motivated by the
inability to maintain requirements for code signing certificates, it was
anticipated from the start that this would also provide an opportunity to
create other working groups that could develop and maintain certificate
profiles and requirements for other kinds of certificates.  While a number
of regional and technical standards exist regarding the creation and
issuance of S/MIME certificates, there is no current global forum for
certificate authorities and those who consume or use S/MIME certificates to
come together and develop and maintain policies and standards for those
certificates.  This lack of standards has impeded the adoption and
interoperability of S/MIME certificate worldwide.  This ballot would
establish a working group chartered to develop and maintain such standards
for S/MIME certificates, including but not limited to two important
priorities: a uniform certificate profile for the issuance of
publicly-trusted S/MIME certificates, and validation requirements for such
certificates.

 

-- MOTION BEGINS -

 

Establish S/MIME Certificates Working Group

 

Upon approval of the CAB Forum by ballot in accordance with section 5.3 of
the Bylaws, the S/MIME Certificates Working Group ("SMWG") is created to
perform the activities as specified in the Charter, with the Charter as
described here
(https://github.com/cabforum/documents/compare/6e0b8e61590164eb2d686ddcf266b
189f46fc636...c274e89f79442c12f3c75c778ae4eadaa6403dda).

 

- MOTION ENDS-

 

The procedure for approval of this ballot is as follows:

 

Discussion (7+ days)

 

Start Time: 2020-06-01  15:00:00 EDT

 

End Time: after 2020-06-08 15:00:00 EDT

 

Vote for approval (7 days)

 

Start Time: TBD

 

End Time: TBD

 



smime.p7s
Description: S/MIME cryptographic signature
___
Public mailing list
Public@cabforum.org
https://lists.cabforum.org/mailman/listinfo/public

[cabfpub] Final Minutes for CA/Browser Forum Teleconference - May 14, 2020

[Dimitris Zacharopoulos (HARICA) via Public]

These are the Final Minutes of the Teleconference described in the 
subject of this message*.*



   Attendees (in alphabetical order)

Adam Clark (Visa), Arno Fiedler (D-TRUST), Ben Wilson (Mozilla), Bruce 
Morton (Entrust Datacard), Clint Wilson (Apple), Corey Bonnell 
(SecureTrust), Chris Kemmerer (SSL.com), Daniela Hood (GoDaddy), Dean 
Coclin (Digicert), Dimitris Zacharopoulos (HARICA), Doug Beattie 
(GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), 
Inaba Atsushi (GlobalSign), Janet Hines (SecureTrust), Jos Purvis (Cisco 
Systems), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass 
AS), Michael Guenther (SwissSign), Mike Reilly (Microsoft), Neil Dunbar 
(TrustCor Systems), Niko Carpenter (SecureTrust), Patrick Nohe 
(GlobalSign), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), 
Rich Smith (Sectigo), Robin Alden (Sectigo), Ryan Sleevi (Google), 
Shelley Brewer (Digicert), Stephen Davidson (Quo Vadis), Taconis Lewis 
(US Federal PKI Management Authority), Thanos Vrachnos (SSL.com), Tim 
Hollebeek (Digicert), Tobias Josefowitz (Opera Software AS), Trevoli 
Ponds-White (Amazon), Wayne Thayer (Mozilla), Wendy Brown (US Federal 
PKI Management Authority).



   Minutes


 1. Roll Call


The Chair took attendance.


 2. Read Antitrust Statement

The Antitrust Statement was read.


 3. Review Agenda

Accepted without changes. Enrico volunteered to take minutes on the next 
call.



 4. Approval of minutes from previous teleconference


Accepted without objections.


 5. Forum Infrastructure Subcommittee update

Jos gave the reports.

 * On the issue of migrating the mailers and web site, the subcommittee
   will make progress with the web site first.
 * On the issue of pandoc formatted BRs, Jos will proceed with making
   changes to the "Travis" configuration to autobuild with the new pandoc.
 * WebEx demoing various options. Evaluated default and existing
   meeting options with Dimitris and tested various scenarios. We did
   not have a chance to evaluate other types of webex meetings because
   they were not available in our subscription.
 * Migration of webex. The URL is changing and cabf.cabforum.org is the
   new URL. Chairs and Vice Chairs of subcommittees should ask for an
   account and schedule new meetings. Don't forget to update the
   associated wiki page with the new meeting information.


Tim asked about the calendar invites on the old system. Jos replied that 
the old WebEx account will disappear in June.


The draft minutes of that particular Subcommittee meeting are available 
at the following URL:


 * https://lists.cabforum.org/pipermail/infrastructure/2020-May/000229.html



 6. Code Signing Working Group update

Dean: The merged document is ready to proceed. They also created a 
prioritized list of parking lot items, and will work with the top 5 
things. The SC added a code signing wiki page with this information. 
Draft document with mark-ups and parking lot items are added to that wiki.


Next plan is to put this document up for a ballot. Dimitris asked if 
this would be considered a new Guideline, thus requiring 60 days of IPR 
review or an update to an existing guideline, thus requiring 30 days of 
IPR review. Dean said they will add it to the agenda for next meeting. 
Tim proposed to update of one of the two. Dean will explore these 
options. Sunsetting one document makes sense and  Ryan thinks 30 days is 
ok with calling this "merge" a maintenance guideline.



 7.  New S/MIME WG Charter

This was now supposed to be in the discussion period but due to a 
technical issue with the ballot redline link, it is not a correct 
ballot. Tim will have to restart the discussion period by posting the 
proper "immutable" redline link, if this is supposed to be the normative 
ballot text.
Tim mentioned that there is one last thing being discussed about root 
certificates that are not publicly trusted and which should be out of 
scope. There are concerns raised by Ryan that he is trying to understand.


Ryan said that the way this is written, what seems to be documented as 
out of scope can easily be presented differently to be in scope. He 
asked what is it that we're trying to prevent. This language also 
prevents things we want to address. FPKI schemes and policy seems that 
they cannot be discussed. There was also a change in the introduction of 
the ballot.


Tim thinks that the current language does not prohibit that. The WG 
should not delete these things. Discuss for publicly-trusted.


Corey, asked to clarify the net result. This group would not produce 
standards that would be used exclusively on a private PKI.


Dimitris reminded the members about the codesigning WG charter where the 
Trusted third-party model was in scope and the non third-party model was 
out of scope.


Arno said that it's good to take existing standards into account like 
ETSI NCP, etc.


Tim will check Forum-11 for an immutable red-line link.