[Discussion] Ballot SMC012: Introduce ACME for S/MIME

901 views
Skip to first unread message

Stephen Davidson

unread,
May 19, 2025, 4:20:00 PM5/19/25
to smcwg-...@groups.cabforum.org

Ballot SMC012: Introduce ACME for S/MIME

 

Summary: 

 

This ballot introduces a new method for validation of mailbox control, using ACME for S/MIME as defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME Certificates.

Although similar to the existing method (3.2.2.2) “Validating control over mailbox via email”, ACME for S/MIME has been defined in a new method in order to better describe how a CA’s ACME server may respond to a POST request by sending the Random Value token components via email and SMTP.

 

The S/MIME Certificate Working Group encourages the proposal of new methods to facilitate the validation of mailbox authorization or control.

 

The ballot also includes several minor typographic corrections, including a clarification in section 7.1.4.2.1 regarding the use of directoryName in the SAN extension.

 

This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Stefan Selbitschka (rundQuadrat) and Guillaume Amringer (Carillon).

 

— Motion Begins —

 

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”), based on Version 1.0.9.

MODIFY the Baseline Requirements as specified in the following Redline:

 

https://github.com/cabforum/smime/compare/8c8fab7993de3c1c423e704947ce880165924abb...4a663e37e70083752c6fa9ae0d4820231cf54217

 

— Motion Ends —

 

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

 

Discussion (at least 7 days)

  • Start time: May 19, 2025 at 17:00:00 UTC
  • End time: May 26, 2025 at 17:00:00 UTC

 

 

Stephen Davidson

unread,
May 26, 2025, 12:47:03 PM5/26/25
to smcwg-...@groups.cabforum.org

Voting for Approval 

  • Start time: May 26, 2025 at 17:00:00 UTC
  • End time: June 2, 2025 at 17:00:00 UTC

 

IP Review (30 Days) 

 

Stefan Selbitschka

unread,
May 27, 2025, 7:16:44 AM5/27/25
to smcwg-...@groups.cabforum.org
rundQuadrat votes "YES" on SMC012

On 5/26/25 18:46, 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum) wrote:
> *Ballot SMC012: Introduce ACME for S/MIME*
>
> Summary:
>
> This ballot introduces a new method for validation of mailbox control, using ACME for S/MIME as
> defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME
> Certificates.
>
> Although similar to the existing method (3.2.2.2) “Validating control over mailbox via email”, ACME
> for S/MIME has been defined in a new method in order to better describe how a CA’s ACME server may
> respond to a POST request by sending the Random Value token components via email and SMTP.
>
> The S/MIME Certificate Working Group encourages the proposal of new methods to facilitate the
> validation of mailbox authorization or control.
>
> The ballot also includes several minor typographic corrections, including a clarification in section
> 7.1.4.2.1 regarding the use of directoryName in the SAN extension.
>
> This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Stefan Selbitschka
> (rundQuadrat) and Guillaume Amringer (Carillon).
>
> — Motion Begins —
>
> This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted
> S/MIME Certificates” (“S/MIME Baseline Requirements”), based on Version 1.0.9.
>
> MODIFY the Baseline Requirements as specified in the following Redline:
>
> https://github.com/cabforum/smime/
> compare/8c8fab7993de3c1c423e704947ce880165924abb...4a663e37e70083752c6fa9ae0d4820231cf54217
> <https://github.com/cabforum/smime/
> compare/8c8fab7993de3c1c423e704947ce880165924abb...4a663e37e70083752c6fa9ae0d4820231cf54217>
>
> — Motion Ends —
>
> This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as
> follows:
>
> *Discussion (at least 7 days)*
>
> * Start time: May 19, 2025 at 17:00:00 UTC
> * End time: May 26, 2025 at 17:00:00 UTC
>
> *Voting for Approval *
>
> * Start time: May 26, 2025 at 17:00:00 UTC
> * End time: June 2, 2025 at 17:00:00 UTC
>
> *IP Review (30 Days) *
>
> --
> You received this message because you are subscribed to the Google Groups "S/MIME Certificate WG -
> Public (CA/B Forum)" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to smcwg-
> public+un...@groups.cabforum.org <mailto:smcwg-public...@groups.cabforum.org>.
> To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/smcwg-public/
> BL1PR14MB51432AA044D84E04433DB939E565A%40BL1PR14MB5143.namprd14.prod.outlook.com <https://
> groups.google.com/a/groups.cabforum.org/d/msgid/smcwg-public/
> BL1PR14MB51432AA044D84E04433DB939E565A%40BL1PR14MB5143.namprd14.prod.outlook.com?
> utm_medium=email&utm_source=footer>.

Bruce Morton

unread,
May 27, 2025, 8:34:40 AM5/27/25
to smcwg-...@groups.cabforum.org

Entrust abstains from ballot SMC012.

 

 

Bruce.

--

You received this message because you are subscribed to the Google Groups "S/MIME Certificate WG - Public (CA/B Forum)" group.

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

Michael Guenther

unread,
May 28, 2025, 4:51:39 AM5/28/25
to smcwg-...@groups.cabforum.org
smime.p7m

Marco Schambach

unread,
May 28, 2025, 8:36:42 AM5/28/25
to smcwg-...@groups.cabforum.org

IdenTrust votes “Yes” on SMC012

 

Marco S.

TrustID Program Manager

 

From: 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum) <smcwg-...@groups.cabforum.org>

Sent: Monday, May 26, 2025 12:47 PM
To: smcwg-...@groups.cabforum.org

--

Ben Wilson

unread,
May 28, 2025, 10:11:31 AM5/28/25
to smcwg-...@groups.cabforum.org
Mozilla votes "Yes" on Ballot SMC-012.

--

Ruiter, Albert de

unread,
May 28, 2025, 10:51:56 AM5/28/25
to smcwg-...@groups.cabforum.org

Logius votes “Yes” on Ballot SMC-012

 

 

Kind regards,

 


Albert de Ruiter

Policy Authority PKIoverheid

 

Logius

 

Dienst Digitale Samenleving

Ministerie van Binnenlandse Zaken en Koninkrijksrelaties

........................................................................

M 06-22796535

Albert...@logius.nl

www.logius.nl

 

........................................................................

Logius is continu op zoek naar nieuwe collega’s. Bekijk alle vacatures op onze website.

Samen zorgen we voor een digitale overheid die werkt voor iedereen

--

You received this message because you are subscribed to the Google Groups "S/MIME Certificate WG - Public (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smcwg-public...@groups.cabforum.org.
To view this discussion visit https://groups.google.com/a/groups.cabforum.org/d/msgid/smcwg-public/BL1PR14MB51432AA044D84E04433DB939E565A%40BL1PR14MB5143.namprd14.prod.outlook.com.



Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.

Guillaume Amringer

unread,
May 28, 2025, 12:02:54 PM5/28/25
to smcwg-...@groups.cabforum.org

Carillon votes “yes” on SMC012.

--

You received this message because you are subscribed to the Google Groups "S/MIME Certificate WG - Public (CA/B Forum)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to


To view this discussion visit

Tim Hollebeek

unread,
May 28, 2025, 1:56:13 PM5/28/25
to smcwg-...@groups.cabforum.org

DigiCert votes YES on SMC-012.

 

-Tim

 

From: 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum) <smcwg-...@groups.cabforum.org>

Sent: Monday, May 26, 2025 12:47 PM

--

Adriano Santoni

unread,
May 29, 2025, 2:32:15 AM5/29/25
to smcwg-...@groups.cabforum.org

Actalis  votes “Yes”.

--

Inigo Barreira

unread,
May 29, 2025, 3:50:24 AM5/29/25
to smcwg-...@groups.cabforum.org

Sectigo votes yes

 

De: 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum) <smcwg-...@groups.cabforum.org>
Enviado el: lunes, 26 de mayo de 2025 18:47
Para: smcwg-...@groups.cabforum.org
Asunto: [Smcwg-public] [Voting for Approval] Ballot SMC012: Introduce ACME for S/MIME

 

Ballot SMC012: Introduce ACME for S/MIME Summary: This ballot introduces a new method for validation of mailbox control, using ACME for S/MIME as defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/MIME

ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender

This message came from outside your organization.

    Report Suspicious    ‌

ZjQcmQRYFpfptBannerEnd

--

Dimitris Zacharopoulos (HARICA)

unread,
May 29, 2025, 10:26:31 AM5/29/25
to 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum)
HARICA votes "yes" to ballot SMC012.
--

Hazhar Ismail

unread,
May 29, 2025, 8:31:06 PM5/29/25
to smcwg-...@groups.cabforum.org
MSC Trustgate votes "YES" to ballot SMC012.


From: 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum) <smcwg-...@groups.cabforum.org>
Sent: Tuesday, 27 May, 2025 12:46 AM
To: smcwg-...@groups.cabforum.org <smcwg-...@groups.cabforum.org>
Subject: [Smcwg-public] [Voting for Approval] Ballot SMC012: Introduce ACME for S/MIME
 
--

peter.mez...@gmail.com

unread,
May 30, 2025, 2:14:08 AM5/30/25
to S/MIME Certificate WG - Public (CA/B Forum), Stephen Davidson

Disig votes „YES“ on Ballot SMC012: Introduce ACME for S/MIME.

 

Regards

Peter Miskovic


Dátum: pondelok 26. mája 2025, čas: 18:47:03 UTC+2, odosielateľ: Stephen Davidson

Tom Zermeno

unread,
May 30, 2025, 10:25:18 AM5/30/25
to smcwg-...@groups.cabforum.org

SSL.com votes “Yes” on SMC012.

 

-Tom

--

Ashish Dhiman

unread,
Jun 1, 2025, 8:54:57 AM6/1/25
to smcwg-...@groups.cabforum.org
GlobalSign Votes Yes to Ballot SMC012

Ashish


From: 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum) <smcwg-...@groups.cabforum.org>
Sent: Monday, May 26, 2025 10:16:58 PM
To: smcwg-...@groups.cabforum.org <smcwg-...@groups.cabforum.org>
Subject: [Smcwg-public] [Voting for Approval] Ballot SMC012: Introduce ACME for S/MIME
 
--

大野 文彰

unread,
Jun 1, 2025, 10:30:08 PM6/1/25
to smcwg-...@groups.cabforum.org

SECOM Trust Systems votes YES on Ballot SMC012.

 

Best regards,

 

ONO Fumiaki / 大野 文彰

SECOM Trust Systems Co., Ltd.

--

Lahtiharju, Pekka

unread,
Jun 2, 2025, 1:27:16 AM6/2/25
to smcwg-...@groups.cabforum.org

Telia Company votes YES on Ballot SMC012.

 

Best regards,

 

Pekka Lahtiharju

Senior Development Manager | Trust Services

Telia


This email may contain information which is privileged or protected against unauthorized disclosure or communication. If you are not the intended recipient, please notify the sender and delete this message and any attachments from your system without producing, distributing or retaining copies thereof or disclosing its contents to any other person.

Telia Company processes emails and other files that may contain personal data in accordance with Telia Company’s Privacy Policy.



Henschel, Andreas

unread,
Jun 2, 2025, 2:02:32 AM6/2/25
to smcwg-...@groups.cabforum.org

D-TRUST votes YES on Ballot SMC012

 

KR

Andreas

--

Kateryna Aleksieieva

unread,
Jun 2, 2025, 2:24:13 AM6/2/25
to smcwg-...@groups.cabforum.org

Certum votes YES on Ballot SMC012

 

Kind regards,

Kateryna Aleksieieva

From: 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum) <smcwg-...@groups.cabforum.org>

Sent: Monday, May 26, 2025 6:47 PM
To: smcwg-...@groups.cabforum.org

--

Stephen Davidson

unread,
Jun 2, 2025, 1:31:05 PM6/2/25
to smcwg-...@groups.cabforum.org

The voting period for SMC012: Introduce ACME for S/MIME has completed. The ballot has: PASSED

Voting Results

Certificate Issuers
16 votes in total:
 * 15 voting YES: Actalis S.p.A., Asseco Data Systems SA (Certum), Carillon Information Security Inc., DigiCert, D-TRUST, GlobalSign, HARICA, IdenTrust, Logius PKIoverheid, MSC Trustgate Sdn Bhd, SECOM Trust Systems, Sectigo, SSL.com, SwissSign, Telia Company
 * 0 voting NO:
 * 1 ABSTAIN: Entrust

Certificate Consumers
2 votes in total:
 * 2 voting YES: Mozilla, rundQuadrat
 * 0 voting NO:
 * 0 ABSTAIN:

 

Bylaws Requirements

1. Bylaw 2.3(6) requires:
 * In order for a ballot to be adopted by the Forum, twothirds (2/3) or more of the votes cast by the Voting Members in the Certificate Issuer category must be in favour of the ballot. This requirement was MET.
 * at least fifty percent (50%) plus one (1) of the votes cast by the Voting Members in the Certificate Consumer category must be in favour of the ballot. This requirement was MET.
 * At least one (1) Voting Member in each category must vote in favour of a ballot for the ballot to be adopted. This requirement was MET.
2. Bylaw 2.3(7) requires:
 * A ballot result will be considered valid only when more than half of the number of currently active Voting Members has participated. The number of currently active Voting Members is the average number of Voting Member organizations that have participated in the previous three (3) Forum Meetings and Forum Teleconferences.
  * the quorum was 11 for this ballot. This requirement was MET.

This ballot now enters the IP Rights Review Period to permit members to review the ballot for relevant IP rights issues. This will be notified in a separate email.

 

Stephen Davidson

unread,
Jun 2, 2025, 2:13:25 PM6/2/25
to smcwg-...@groups.cabforum.org

NOTICE OF REVIEW PERIOD


This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email.

Summary of Review
Ballot for Review: 
https://cabforum.org/2025/05/19/ballot-smc-012/
A redline is available at https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.10-Redline.pdf
Start of Review Period: 2025-06-02 18:00:00 UTC
End of Review Period: 2025-07-02 18:00:00 UTC

Members with any Essential Claim(s) to exclude must forward a written Notice to Exclude Essential Claims to the Working Group Chair (Stephen Davidson) and also submit a copy to the CA/B Forum public mailing list (pub...@groups.cabforum.org) before the end of the Review Period. For details, please see the current version of the CA/Browser Forum Intellectual Property Rights Policy.  (An optional template for submitting an Exclusion Notice is available at https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf)

 

Reply all
Reply to author
Forward
0 new messages