Large scale study of S/MIME

26 views
Skip to first unread message

Stephen Davidson

unread,
Sep 14, 2025, 5:57:56 AM (7 days ago) Sep 14
to smcwg-...@groups.cabforum.org

https://www.usenix.org/system/files/usenixsecurity25-oendaroe.pdf 
Academic paper from 34th USENIX Security Symposium, August 13–15, 2025   
Part of the analysis was done using the S/MIME BR and DigiCert’s contributed open-source linter for S/MIME, PKILINT.

May be interesting topic for further discussion in the SMCWG.


We report on the first broad analysis of real-world S/MIME certificates for digitally signing and encrypting emails. We collected more than 41 million unique X.509 certificates from public address books, i.e., LDAP servers, of which 38 million fulfill the requirements for use with S/MIME in email clients. Despite the surprisingly complex construction of trust chains for S/MIME certificates, we could build chains for a large subset of certificates and show which are trusted in widely used applications. Our results show that many of those S/MIME certificates are issued by non-publicly trusted CAs. Our analysis of the cryptographic keys, certificate attributes, and new regulations, i.e., the CA/Browser Forum’s S/MIME Baseline Requirements, shows that the S/MIME PKI is generally heading in the right direction. Most certificates using compromised or weak key material have expired, weak cryptographic algorithms are being phased out, and CAs are generally issuing more secure certificates. However, the underlying RFCs and email clients should be more stringent about what is considered an S/MIME certificate. Additionally, CAs should improve the distribution of certificate chains to improve user experience and security.  

 

Regards, Stephen

Reply all
Reply to author
Forward
0 new messages