[Discussion] Ballot SMC017: Increase Minimum RSA CA Key Size


Stephen Davidson

Apr 29, 2026, 1:15:28 PM
to smcwg-...@groups.cabforum.org

Ballot SMC017: Increase Minimum RSA CA Key Size

Summary:

This ballot increases the minimum RSA key size for Root and Subordinate CA certificates in the S/MIME BRs from 2048 to 4096 bits for keys created on or after September 15, 2026, while retaining the 2048-bit minimum for Subscriber certificates.

The ballot further requires that by September 15, 2027, CAs SHALL NOT issue certificates from any Sub-CA whose RSA key modulus is less than 4096 bits, effectively sunsetting issuance from legacy 2048-bit Sub-CAs.

This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ben Wilson (Mozilla) and Roman Fischer (SwissSign).

— Motion Begins —

This ballot modifies the “Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates” (“S/MIME Baseline Requirements”), based on Version 1.0.13.

MODIFY the Baseline Requirements as specified in the following Redline:

https://github.com/cabforum/smime/compare/21bda9e4a5f04f373dbd359b4e2213a3f4910c76...a6d582ab7da98ac1ca7fd92f35f321aa9f70df37

— Motion Ends —

This ballot proposes a Final Maintenance Guideline. The procedure for approval of this ballot is as follows:

Discussion (at least 7 days)

* Start time: April 29, 2026 at 18:30:00 UTC
* End time: May 6, 2026 at 18:30:00 UTC

Stephen Davidson

May 6, 2026, 4:15:53 PM
to smcwg-...@groups.cabforum.org

Voting for Approval

* Start time: May 6, 2026 at 21:30:00 UTC
* End time: May 13, 2026 at 21:30:00 UTC

Stefan Selbitschka

May 7, 2026, 3:27:13 AM
to smcwg-...@groups.cabforum.org
rundQuadrat votes 'YES' on SMC017

regards
stefan


Pedro FUENTES

May 7, 2026, 3:28:27 AM
to smcwg-...@groups.cabforum.org
OISTE votes yes to SMC017



WISeKey SA
Pedro Fuentes
CSO - Trust Services Manager


Adriano Santoni

May 7, 2026, 3:40:29 AM
to smcwg-...@groups.cabforum.org

Actalis votes 'yes' to SMC017.


Michael Guenther

May 7, 2026, 5:01:14 AM
to smcwg-...@groups.cabforum.org
smime.p7m

Ben Wilson

May 7, 2026, 9:18:28 AM
to smcwg-...@groups.cabforum.org
Mozilla votes "yes" on SMC-017.


Azira Zakaria

May 8, 2026, 12:19:54 AM
to smcwg-...@groups.cabforum.org

MSC Trustgate votes “Yes” on Ballot SMC017

 

BR,

Azira


Ashish Dhiman

May 8, 2026, 2:10:03 AM
to smcwg-...@groups.cabforum.org

GlobalSign Votes Yes to Ballot SMC017

 

Ashish


Wojciech Trapczyński

May 8, 2026, 5:24:18 AM
to smcwg-...@groups.cabforum.org

Certum votes Yes to Ballot SMC017.


Dimitris Zacharopoulos (HARICA)

May 8, 2026, 5:25:00 AM
to smcwg-...@groups.cabforum.org
Stephen, 

I'm sorry for missing the discussion for this ballot. Is there a rationale why 3072 bits are not allowed? Most international crypto standards deprecate RSA keys below 3000 bits, which means 3072 should still be considered safe. Using 3072 is certainly more performant for signing OCSP responses at scale than 4096.


Thanks,
Dimitris.

Henschel, Andreas

May 8, 2026, 5:36:39 AM
to smcwg-...@groups.cabforum.org

D-TRUST votes ‚yes‘ on Ballot SMC017

 

KR

Andreas


蔡家宏(chtsai)

May 8, 2026, 6:49:55 AM
to smcwg-...@groups.cabforum.org

TWCA votes Yes on Ballot SMC017.

 

 

Best Regards

 

蔡家宏 Chya-Hung Tsai

Director

Identification & Certificate Research

Stephen Davidson

May 8, 2026, 9:41:03 AM
to smcwg-...@groups.cabforum.org

Hi Dimitris:

 

The initial proposal was 3072 but following rounds of discussion, the WG decided to boost it to 4096.

 

Regards, Stephen


Dimitris Zacharopoulos

May 8, 2026, 11:13:26 AM
to 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum)
Thanks Stephen,

I'm looking for the reasoning or the key arguments of specific representatives from the WG that pushed for 4096.

If the reasoning is vague or "just because", it can have some weight on our voting.

Thanks,

DZ.


Judith Spencer

May 8, 2026, 12:41:40 PM
to smcwg-...@groups.cabforum.org

Greeting Dimitris

I suggested 4096 in lieu of 3072 for the CA certificates during working group discussion.  Our experience has been that the larger key size for the CA certificates (currently still signing 2048 bit end user certificates) is not causing increased interoperability or performance issues, and it may provide additional protection for the CAs in the short term.  The real test will come when and if we grow the end user certificates.

Judy

 

Judith Spencer | PMA Chair | CertiPath, Inc.

Dimitris Zacharopoulos (HARICA)

May 8, 2026, 1:40:10 PM
to smcwg-...@groups.cabforum.org


On 5/8/2026 7:41 PM, 'Judith Spencer' via S/MIME Certificate WG - Public (CA/B Forum) wrote:

> Greeting Dimitris
>
> I suggested 4096 in lieu of 3072 for the CA certificates during working group discussion. Our experience has been that the larger key size for the CA certificates (currently still signing 2048 bit end user certificates) is not causing increased interoperability or performance issues, and it may provide additional protection for the CAs in the short term. The real test will come when and if we grow the end user certificates.
>
> Judy


Hi Judy,

I'm not sure that approach is enough to warrant jumping to 4096 and leaving 3072 out. Issuing OCSP responses with 4096 bit RSA signatures has more performance issues than 3072.

International studies [1], [2] (scheduled for update) suggest deprecating RSA keys below 3000 bits.

Can I ask if the current SMBRs, with the proposed ballot, allow for delegated OCSP responders that can use 2048 bit RSA certificates?


Thanks,
Dimitris.

Judith Spencer

May 8, 2026, 3:27:49 PM
to smcwg-...@groups.cabforum.org

Stephen will have to correct me if wrong, but my understanding is this ballot affects the CAs only.  You would sign a 2048 OCSP responder certificate (at least in the near future) which would be signing the responses.  I don’t think this ballot prohibits 3072 OCSP responder certificates.    

 

Judith Spencer | PMA Chair | CertiPath, Inc.

 

Nome Huang

May 8, 2026, 8:44:27 PM
to S/MIME Certificate WG - Public (CA/B Forum), Stephen Davidson
TrustAsia votes "Yes" on SMC017.

Dustin Hollenback

May 8, 2026, 9:09:13 PM
to smcwg-...@groups.cabforum.org, smcwg-...@groups.cabforum.org
Apple votes “Yes” on SMC-017.


大野 文彰

May 10, 2026, 10:56:01 PM
to smcwg-...@groups.cabforum.org

SECOM Trust Systems votes YES on Ballot SMC017.

 

Best regards,

 

ONO Fumiaki / 大野 文彰

(Japanese name order: family name first, in uppercase)

SECOM Trust Systems CO., LTD.

 


Ruiter, Albert de

May 11, 2026, 9:36:28 AM
to smcwg-...@groups.cabforum.org

Logius votes in favor for this ballot

 

 

Kind regards,

 


Albert de Ruiter

Policy Authority PKIoverheid

 

Logius

 

Dienst Digitale Samenleving

Ministerie van Binnenlandse Zaken en Koninkrijksrelaties


Tim Hollebeek

May 11, 2026, 4:34:25 PM
to smcwg-...@groups.cabforum.org
DigiCert votes YES on SMC-017.

-Tim




Dimitris Zacharopoulos (HARICA)

May 12, 2026, 3:28:41 AM
to smcwg-...@groups.cabforum.org
In the spirit of this ballot, perhaps this should be limited as well.

Thanks,
Dimitris.

Dimitris Zacharopoulos (HARICA)

May 12, 2026, 3:29:21 AM
to 'Stephen Davidson' via S/MIME Certificate WG - Public (CA/B Forum)
HARICA votes "yes" to ballot SMC017.

Dimitris.

Martijn Katerbarg

May 12, 2026, 9:57:04 AM
to smcwg-...@groups.cabforum.org

Sectigo votes NO to ballot SMC-017.

While we see no issue in restricting new issuance of leaf certificates to Subordinate CAs with an RSA key size of 4096 bits, we believe the restriction to no longer issue certificates from Subordinate CAs of at least RSA 3072 bits, is not deemed justified at this point.

Furthermore, and unfortunately we did not identify this during earlier review, hence the late notice on this list, we believe the current proposed language has an unintended side-effect:

To quote Dimitris, a few days ago:


>Can I ask if the current SMBRs, with the proposed ballot, allow for delegated OCSP responders that can use 2048 bit RSA certificates?

While this ballot does not block the usage of such certificates, it does block the issuance of any new Delegated OCSP Responder Certificates from any SubCA with a key size less than RSA 4096 bits. Specifically:
“Effective September 15, 2027 the CA SHALL NOT issue Certificates from any Subordinate CA whose RSA Key modulus size, when encoded, is less than 4096 bits.”
i.e.: An RSA 3072 bit Subordinate CA would no longer be able to issue a new Delegated OCSP Responder Certificate, regardless of keysize.

Added to that, this has an (in our eyes unintended) side-effect of potentially halting the issuance of new Cross Signed Subordinate CA certificates by legacy Root CAs, if such Root CAs themselves have in the past been cross-signed, and utilize a key size smaller than RSA 4096 bits.

Once a Root CA is cross-signed, the cross-signed CA is effectively a Subordinate CA, and would need to adhere to this policy change. As such, any RSA 2048 or 3072 bit Cross Signed Root CA, would no longer be allowed to perform any cross-signing issuance (or any other type of issuance).

Regards,

Martijn

 

Dimitris Zacharopoulos (HARICA)

May 12, 2026, 10:22:44 AM
to smcwg-...@groups.cabforum.org
HARICA changes its vote to "No".

We should work on this ballot some more to ensure there are no unintended consequences.

Scott Rea

May 12, 2026, 10:25:56 AM
to smcwg-...@groups.cabforum.org
eMudhra votes No on Ballot SMC-017

Martijn makes some very good points. We are 100% behind the spirit of this ballot, but think some changes are needed in text to further clarify and eliminate unintended consequences. 


Pedro FUENTES

May 12, 2026, 10:39:30 AM
to smcwg-...@groups.cabforum.org
OISTE also changes its vote to No.

Although we are certain that the OISTE CAs won’t be affected by the constraint by the due date, we think it’s sensible to let the ballot fail and facilitate more discussions and give more time to properly assess side effects.



Stephen Davidson

May 12, 2026, 10:59:18 AM
to smcwg-...@groups.cabforum.org

Thanks Martijn.

 

As there have been several concerns raised, as the sponsor, we WITHDRAW ballot SMC017 and will address it in our May 20 meeting.

 

For those who have questions regarding  the existing text, please ensure that you are able to join the meeting.

 

In particular, we’d welcome suggestions for amendments to the text so that the WG can discuss concrete proposals.

 

Best, Stephen

Martijn Katerbarg

May 12, 2026, 11:02:38 AM
to smcwg-...@groups.cabforum.org
Thank you Stephen. I’m reserving some time tomorrow to work on a proposal with the original intended outcome.

Inigo Barreira

May 12, 2026, 11:12:30 AM
to smcwg-...@groups.cabforum.org

I think the first part of the proposal is ok for new CAs created after sept this year (even can be reduced to 3072). That will comply with the RSA <3000 bits issue.

The second part will need some additional work, but maybe allowing the above (3072) will have less impact and still compliant with the RSA <3000 issue.

 

 


Martijn Katerbarg

May 15, 2026, 8:56:02 AM
to smcwg-...@groups.cabforum.org
All,

In https://github.com/cabforum/smime/pull/304 I’ve proposed SMC017v2. This PR builds on top of the version prepared by Stephen, but adds more specificity to what a CA can and cannot issue after September 15th, 2027.

Additionally, I’ve opted to drop the limit down to 3072 bits, while keeping the 4096 bit limit for any new CA issuance. 

The reason for this is two-fold:
  • The original ballot was created based on the fact that RSA < 3000 bits, is no longer allowed to be used. Several standards already appear to forbid this now, while others target 2030. There is no mention of < 4000, however. 
  • When the S/MIME BRs came into effect, many CAs were forced to issue new SubCAs in order to move away from Extant SubCA issuance. It seems, several CAs issued SubCAs with RSA 3072 bits at that point, in line with upcoming standards changes. It seems unreasonable to force the CAs doing the right thing at that time, to now have to replace these issuing CAs again, without any clear benefits.

To the WG, please review the proposed changes in this PR, and share any feedback you may have.

Regards,

Martijn
