Ballot SMC010 - Introduction of Multi-Perspective Issuance Corroboration

Ballot overview

• Ballot SMC010, Introduction of Multi-Perspective Issuance Corroboration, was adopted and passed.
• It adds Multi-Perspective Issuance Corroboration for S/MIME CAs when performing Email Domain Control Validation and Certification Authority Authorization checks.
• The ballot says the implementation is consistent with the TLS Baseline Requirements.

Voting and IPR

• The voting period completed and the ballot passed.
• Voting results met the bylaws requirements in both the Certificate Issuer and Certificate Consumer categories.
• The IPR review period completed.
• No IPR Exclusion Notices were filed.
• The ballot is adopted as of December 22, 2024.

Compliance timeline

• The ballot states a Compliance Date of May 15, 2025.
• It also states that some S/MIME CAs with no TLS operations may need additional time to deploy MPIC.
• Before March 15, 2025, CAs SHOULD implement MPIC.
• Effective May 15, 2025, CAs SHALL implement MPIC.
• The ballot says that after May 15, 2025, the implementation timeline described in TLS BR section 3.2.2.9 applies.

Document changes

• The S/MIME Baseline Requirements were published as version 1.0.8.
• The redline and compare artifacts show the new MPIC requirement added to the requirements and definitions.
• The ballot also updates the reference to TLS Baseline Requirements to mean the current version rather than version 2.0.5.

Scope of the requirement

• MPIC is defined as corroborating domain validation and CAA determinations made by the Primary Network Perspective with other Network Perspectives before certificate issuance.
• The ballot applies to CAs issuing Publicly-Trusted S/MIME Certificates.
• The evidence specifically ties the MPIC requirement to Email Domain Control Validation and CAA checks for S/MIME Certificates.