S/MIME Certificate Working Group
Draft SMCWG agenda - Wednesday, December 3, 2025 at 11:00 am Eastern time
Here is a draft agenda for the teleconference described in the subject of this message. Please review and propose changes if necessary.
1. Roll Call
2. Note well: Antitrust / Compliance Statement
3. Approval of past minutes
* November 19
4. Review Agenda
5. Membership applications:
* NA
6. Discussion
* Topic 1: Invited guest presentation. S/MINE: Collecting and Analyzing S/MIME Certificates at Scale. Gurur Öndarö et al.
Abstract:
We report on the first broad analysis of real-world S/MIME certificates for digitally signing and encrypting emails. We collected more than 41 million unique X.509 certificates from public address books, i.e., LDAP servers, of which 38 million fulfill the requirements for use with S/MIME in email clients. Despite the surprisingly complex construction of trust chains for S/MIME certificates, we could build chains for a large subset of certificates and show which are trusted in widely used applications. Our results show that many of those S/MIME certificates are issued by non-publicly trusted CAs.
Our analysis of the cryptographic keys, certificate attributes, and new regulations, i.e., the CA/Browser Forum's S/MIME Baseline Requirements, shows that the S/MIME PKI is generally heading in the right direction. Most certificates using compromised or weak key material have expired, weak cryptographic algorithms are being phased out, and CAs are generally issuing more secure certificates. However, the underlying RFCs and email clients should be more stringent about what is considered an S/MIME certificate. Additionally, CAs should improve the distribution of certificate chains to improve user experience and security.
See more at https://www.usenix.org/conference/usenixsecurity25/presentation/oendaroe
* Topic 2: As time allows, request for background on serverAuth/clientAuth certs for smtp-to-smtp purposes for subsequent discussion. Status of December 17 call TBD.
7. Ballot Status Updates
* In Development: Pseudonym, mDL, eID, section 7 re-write
* In Discussion Period: NA
* In Voting Period: NA
* Under IPR Review: NA
* Approved and Effective: SMC014: DNSSEC for CAA (October 13)
8. Next meeting: Status of December 17 call TBD … then January 14, 2025 at 11 am Eastern
Meeting of December 31 has been cancelled.
9. Any other business
10. Adjourn
Note well: All participants are reminded that they must comply with the CA/Browser Forum's Bylaws, which include an antitrust policy, a code of conduct, and an intellectual property rights agreement. Please contact the Forum Chair with any comments or concerns about the Bylaws or these policies. Please note that this meeting is being recorded.
No recording of the 12/3/2025 meeting? Maybe due to the fact that the entire meeting was devoted to the guest presentation?
Thanks
Marco S.
TrustID Program Manager