S/MIME by Root Program

35 views
Skip to first unread message

Stephen Davidson

unread,
Mar 25, 2026, 7:03:16 PM (7 days ago) Mar 25
to smcwg-...@groups.cabforum.org

On the SMCWG call today, there was discussion of whether the S/MIME BR should reflect the strictest setting of the underlying root programs.
To aid that discussion I have created some analysis drawing from CCADB as of today to layout the public-trust S/MIME ecosystem.  It includes:

- Summary showing intersection roots by program (Apple, Gmail, Microsoft, Mozilla) including the count of associated subordinateCAs

-Detail of the same roots by program including the count of associated subordinateCAs

- Accounting of the intermediates

Best, Stephen

 

SRD_CCADB_SMIME_Root_Store_Analysis.pdf
SRD_CCADB_SMIME_Root_Store_Venn.pdf

大野 文彰

unread,
Mar 26, 2026, 1:41:40 AM (7 days ago) Mar 26
to smcwg-...@groups.cabforum.org

Hi Stephen-san,

 

Thank you very much for preparing and sharing this analysis. I find it extremely helpful in setting the context for the discussion.

While reviewing the SECOM Root CAs listed, I noticed that the list includes Root CAs for which the S/MIME trust bit was disabled by Microsoft on September 15, 2025, at our request.
These trust bits were disabled because we have never operated S/MIME Subordinate CAs under these Root CAs, nor do we have any plans to construct S/MIME Subordinate CAs under them in the future.

Based on this, it seems possible that similar situations may already be occurring with Root CAs from other organizations as well.

For reference, the relevant SECOM Root CAs are as follows:

 

Best regards,

 

ONO Fumiaki / 大野 文彰

(Japanese name order: family name first, in uppercase)

SECOM Trust Systems CO., LTD.

--
You received this message because you are subscribed to the Google Groups "S/MIME Certificate WG - Public (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smcwg-public...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/smcwg-public/BL1PR14MB5143664AFFB712D25798B288E549A%40BL1PR14MB5143.namprd14.prod.outlook.com.

Stephen Davidson

unread,
Mar 26, 2026, 11:31:56 AM (6 days ago) Mar 26
to smcwg-...@groups.cabforum.org

Hello Fumiaki-san!


Thank you for this.  The CA list was taken from CCADB via the public report at https://ccadb.my.salesforce-sites.com/ccadb/AllIncludedRootCertsCSV

 

Best regards, Stephen

Reply all
Reply to author
Forward
0 new messages