Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Dimitris Zacharopoulos via Public
On 18/5/2018 1:39 AM, Tim Hollebeek via Public wrote: (1) Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit, or ETSI TS 102042, ETSI 101456, or ETSI EN 319 411-1 audit report prepared by a

[cabfpub] Comments on proposed S/MIME WG charter

2018-05-17 Thread Virginia Fournier via Public

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread Juan Angel Martin (AC Camerfirma) via Public
Camerfirma votes Yes on Ballot 224 Juan Ángel Martín Gómez PKI Expertise & Project Management Camerfirma S.A. http://www.camerfirma.com Tel.: (+34) 618 292 732 Skype: juan_angel_martin From: Public On behalf of

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread Tamer ERGUN via Public
Kamu SM votes YES on ballot 224. Regards, Dr. Tamer ERGUN E-Signature Technologies Department Head TÜBİTAK/BİLGEM/Kamu SM Çamlıca Mahallesi 408. Cadde No: 136 C Blok 5. Kat Yenimahalle/Ankara www.tubitak.gov.tr

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread Frank Corday via Public
Trustwave votes YES on Ballot 224 From: Public On Behalf Of Wayne Thayer via Public Sent: Tuesday, May 15, 2018 2:22 PM To: CA/Browser Forum Public Discussion List Subject: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP Ballot 224: WHOIS

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread García Jimeno, Oscar via Public
Izenpe votes YES on ballot 224 We are .eus! That is why my e-mail address is now: o-gar...@izenpe.eus Oscar García CISSP, CISM ERNE! Baliteke mezu

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread 陳立群 via Public
Chunghwa Telecom votes YES on Ballot 224 Thanks! Li-Chun Chen Chunghwa Telecom Co., Ltd. From: Public On behalf of Wayne Thayer via Public Sent: Tuesday, May 15, 2018 21:22 To: CA/Browser Forum Public Discussion List

Re: [cabfpub] Ballot 221 v3: Two-Factor Authentication and Password Improvements

2018-05-17 Thread Tim Hollebeek via Public
Awesome. Thank you, Eric. -Tim From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Eric Mill via Public Sent: Thursday, May 17, 2018 10:43 AM To: Geoff Keating ; CA/Browser Forum Public Discussion List Subject: Re: [cabfpub] Ballot

Re: [cabfpub] Ballot 221 v3: Two-Factor Authentication and Password Improvements

2018-05-17 Thread Eric Mill via Public
FedRAMP has published guidance about the new NIST password/identity guidelines: https://www.fedramp.gov/assets/resources/documents/CSP_Digital_Identity_Requirements.pdf They note that the formal baseline is still not updated, but encourage folks to follow NIST's new guidance regardless: NOTE: At

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread 戴业琪 via Public
SHECA votes “YES” on Ballot 224. -- DAI YEQI daiy...@sheca.com, +862136393162 Shanghai Electronic Certificate Authority Center Co., Ltd. 18F, No.1717 North Sichuan Road, Hongkou District Shanghai, China -- Original -- From:

[cabfpub] Re: Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread Xiu Lei via Public
GDCA votes Yes on Ballot 224. Thanks. Best regards, Xiu Lei Security Policy Committee Global Digital Cybersecurity Authority CO., LTD. (GDCA) http://www.gdca.com.cn From: public-boun...@cabforum.org [mailto:public-boun...@cabforum.org] On Behalf Of Wayne

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Phillip via Public
We seem to have a terminology issue here. What is a server? This is obvious in HTTP but far from obvious in the context of email because there is an inbound and an outbound ‘server’ and it acts as a client and a server at different times. I agree that certificates used to authenticate Mail

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Ryan Sleevi via Public
On Thu, May 17, 2018 at 9:53 PM, Phillip wrote: > We seem to have a terminology issue here. What is a server? This is > obvious in HTTP but far from obvious in the context of email because there > is an inbound and an outbound ‘server’ and it acts as a client and a server >

Re: [cabfpub] Ballot 221 v3: Two-Factor Authentication and Password Improvements

2018-05-17 Thread Ryan Sleevi via Public
The doc you just cited is based on the BRs and Network Security requirements, so yes, as the BR and Network Security requirements change, we generally see WebTrust change ;) On Thu, May 17, 2018 at 5:05 PM, Patrick Tronnier via Public < public@cabforum.org> wrote: > Thanks Eric. > > > > I would

[cabfpub] Voting Begins: Ballot 221: Two-Factor Authentication and Password Improvements

2018-05-17 Thread Tim Hollebeek via Public
Ballot 221: Two-Factor Authentication and Password Improvements Purpose of Ballot: The Network Security Working Group met a number of times to improve the Network Security Guidelines requirements around authentication, specifically by requiring two-factor authentication, and improving

Re: [cabfpub] Ballot 221 v3: Two-Factor Authentication and Password Improvements

2018-05-17 Thread Tim Hollebeek via Public
Yup, and if we could get an expedited change on this one after the ballot passes and comes into force, that would be great  -Tim From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: Thursday, May 17, 2018 5:18 PM To: Patrick Tronnier

Re: [cabfpub] Voting Begins: Ballot 221: Two-Factor Authentication and Password Improvements

2018-05-17 Thread Tim Hollebeek via Public
DigiCert votes "YES" on Ballot 221 v3. -Tim From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Tim Hollebeek via Public Sent: Thursday, May 17, 2018 5:48 PM To: CA/Browser Forum Public Discussion List Subject: [cabfpub] Voting Begins: Ballot 221:

[cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Tim Hollebeek via Public
A rough first draft, based on text I blatantly stole from the Server Certificate Working Group Charter and draft Code Signing Working Group Charter: S/MIME Working Group Charter (should it be the Email Working Group, so it can cover web-based mail as well?) Upon approval of the CAB

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Tim Hollebeek via Public
Oops, missed a spot: 1. To specify S/MIME Baseline Requirements, Extended Validation Guidelines, Network and Certificate System Security Requirements, and other acceptable practices for the issuance and management of S/MIME certificates used to sign and encrypt emails.

Re: [cabfpub] Voting Begins: Ballot 224: WHOIS and RDAP

2018-05-17 Thread Patrick Tronnier via Public
OATI votes Yes to Ballot 224 Thanks Wayne, Tim and Adriano! With kind regards, Patrick Tronnier Principal Security Architect & Sr. Director of Quality Assurance & Customer Support Phone: 763.201.2000 Direct Line: 763.201.2052 Open Access Technology International, Inc. 3660 Technology Drive NE,

Re: [cabfpub] Ballot 221 v3: Two-Factor Authentication and Password Improvements

2018-05-17 Thread Patrick Tronnier via Public
Thanks Eric. I would also like to point out that WEBTRUST PRINCIPLES AND CRITERIA FOR CERTIFICATION AUTHORITIES – SSL BASELINE WITH NETWORK SECURITY Version 2.3, which was updated in February 2018, (http://www.webtrust.org/principles-and-criteria/docs/item85437.PDF) requires passwords to be

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Moudrick M. Dadashov via Public
Email server certificates not included? Thanks, M.D. On 5/18/2018 1:49 AM, Tim Hollebeek via Public wrote: Oops, missed a spot: 1. To specify S/MIME Baseline Requirements, Extended Validation Guidelines, Network and Certificate System Security Requirements, and other acceptable practices

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Tim Hollebeek via Public
My personal opinion is that cross-EKU chimeras should not exist. I realize they’re extremely common in the industry, but they’re bad. DigiCert has had a long and vigorous internal discussion about the correct number of EKUs in a certificate. I’m a strong proponent of the “exactly one”

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Ryan Sleevi via Public
That's clearly the remit of the Server Certificate Working Group, and should remain so. On Thu, May 17, 2018 at 7:29 PM, Moudrick M. Dadashov via Public < public@cabforum.org> wrote: > Email server certificates not included? > > Thanks, > M.D. > > On 5/18/2018 1:49 AM, Tim Hollebeek via Public

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Ryan Sleevi via Public
I don't think it's a cross-EKU situation, though, but I'm glad we're in agreement. An email server certificate is an id-kp-serverAuth EKU. That's already covered by another WG On Thu, May 17, 2018 at 7:49 PM, Tim Hollebeek via Public < public@cabforum.org> wrote: > My personal opinion is that

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Ryan Sleevi via Public
Hi Tim, thanks for circulating this (very rough) draft. I think it sets a lot of ambitious work out, and I think as optimistic as that is, that can also be problematic. I've got several responses inline, and while this is a good starting point, I think a lot more discussion is going to be needed

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Ryan Sleevi via Public
On Thu, May 17, 2018 at 8:12 PM, Tim Hollebeek wrote: > I agree that “web-based mail” may be problematic. That’s why I went with > S/MIME. I was just throwing it out there, because of the popularity of > things like, say, GMail :) > While this doesn't really answer

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Tim Hollebeek via Public
I agree that “web-based mail” may be problematic. That’s why I went with S/MIME. I was just throwing it out there, because of the popularity of things like, say, GMail :) Also, the S/MIME EV Guidelines may be identical to the Web EV guidelines. Or they may be better. Or they may be

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Tim Hollebeek via Public
One of the companies that disagrees with you is Google. -Tim From: Ryan Sleevi [mailto:sle...@google.com] Sent: Thursday, May 17, 2018 8:53 PM To: Tim Hollebeek Cc: CA/Browser Forum Public Discussion List Subject: Re: [cabfpub] For

Re: [cabfpub] For Discussion: S/MIME Working Group Charter

2018-05-17 Thread Ryan Sleevi via Public
Hi Tim, I hope we can keep this discussion productive, by not misattributing or misrepresenting positions here. I had hoped the previous reply was categorically clear as to the position on this matter. I am more than happy to follow-up with you separately if you are still confused about this