SMC-05 passed

Ballot SMC05: Adoption of CAA for S/MIME

S/MIME Certificate Working Group

Key dates

Effective date: 15 Sep 2024 1 year ago
Voting opened: 10 Jan 2024 2 years ago
Voting closed: 17 Jan 2024 2 years ago
IPR review ends: 16 Feb 2024 2 years ago
Discussion opened: 03 Jan 2024 2 years ago
Discussion closed: 10 Jan 2024 2 years ago

Resources

⎇ GitHub diff https://github.com/cabforum/smime/compare/5fb2a7ee94d1c5684d5f32af11572e8c10cd2f8c...1fbbdc8f908e6eba779b4ea0de1cbfd20e156c3a https://github.com/cabforum/smime/compare/5fb2a7ee94d1c5684d5f32af11572e8c10cd2f8c...1fbbdc8f908e6eba779b4ea0de1cbfd20e156c3a

± Redline https://cabforum.org/wp-content/uploads/CA-Browser-Forum-SMIMEBR-1.0.3-redline.pdf https://cabforum.org/wp-content/uploads/CA-Browser-Forum-SMIMEBR-1.0.3-redline.pdf

⤓ Document https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.3.pdf https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.3.pdf

⤓ Document https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf

AI Summary

Generated 2026-06-23 21:42 UTC

Ballot overview

Ballot SMC05, Adoption of CAA for S/MIME, proposed changes to the S/MIME Baseline Requirements to introduce Certification Authority Authorization processing for email addresses as defined in RFC 9495.
The ballot also included minor typographic and formatting corrections.
The motion modified S/MIME Baseline Requirements version 1.0.2 into version 1.0.3.

Voting and adoption

The voting period completed and the ballot passed.
Certificate Issuers: 19 yes, 0 no, 0 abstain.
Certificate Consumers: 3 yes, 0 no, 0 abstain.
The bylaws requirements for issuer and consumer approval and quorum were met.
The IPR period completed with no IPR Exclusion Notices filed, and the ballot was adopted as of February 20, 2024.

Main requirements added

Starting on September 15, 2024, CAs must state their policy or practice on processing CAA Records for Mailbox Addresses in Section 4.2 of their CP and/or CPS.
Starting on September 15, 2024, prior to issuing a Certificate that includes a Mailbox Address, CAs should retrieve and process CAA records in accordance with RFC 9495.
Starting on March 15, 2025, prior to issuing a Certificate that includes a Mailbox Address, CAs shall retrieve and process CAA records in accordance with RFC 9495.
CAs must process the issuemail property tag as specified in RFC 9495.
Additional property tags may be supported, but must not conflict with or supersede the authorizations in issuemail.
If a Certificate is issued following a CAA check, it must be issued within the TTL of the CAA record or 8 hours, whichever is greater.
If a Certificate includes more than one Mailbox Address, the CA must perform the procedure for each Mailbox Address.
CAA checking is optional for Certificates issued by a Technically Constrained Subordinate CA Certificate when the lack of CAA checking is an explicit contractual provision in the contract with the Technically Constrained Subordinate CA Applicant.
A CA must not issue a Certificate unless it determines the Certificate Request is consistent with the applicable CAA RRset.
CAs must log all actions taken, if any, consistent with their CAA processing practice.
CAs may treat a record lookup failure as permission to issue only if the failure is outside the CA's infrastructure, the lookup has been retried at least once, and the domain's zone does not have a DNSSEC validation chain to the ICANN root.

Document publication

The new S/MIME BR v.1.0.3 was published to the CABF public website.
The linked PDF is dated February 20, 2024.
The GitHub diff shows the new version 1.0.3 and the new applicability dates of September 15, 2024 and March 15, 2025.

Model: gpt-5.4-mini Confidence: 0.98 Result: passed

Effective date: 2024-09-15
Voting opened: 2024-01-10
Voting closed: 2024-01-17
IPR review ends: 2024-02-16
Discussion opened: 2024-01-03
Discussion closed: 2024-01-10

Applicability and conditions

2024-09-15 — State the CA policy or practice on processing CAA Records for Mailbox Addresses in Section 4.2 of the CP and/or CPS All CAs publishing CP/CPS statements about CAA processing for Mailbox Addresses

2024-09-15 — Should retrieve and process CAA records in accordance with RFC 9495 before issuing the Certificate Certificates that include a Mailbox Address

2025-03-15 — Shall retrieve and process CAA records in accordance with RFC 9495 before issuing the Certificate Certificates that include a Mailbox Address

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

Certificate Issuers 19 yes 0 no 0 abstain

Certificate Consumers 3 yes 0 no 0 abstain

CABF ballot approval depends on both voting classes; CA votes alone are not decisive.

22 Yes

0 No

0 Abstain

100% yes · 0% no

Proposers

Corey Bonnell of DigiCert and endorsed by Dimitris Zacharopoulos of HARICA and Ben Wilson of Mozilla.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot SMC05: Adoption of CAA for S/MIMEBallot SMC05: Adoption of CAA for S/MIMEThe Intellectual Property Review (IPR) period for Ballot SMC05 (Adoption of CAA for S/MIME) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of February 20, 2024.

View on cabforum.org → Last fetched 15 hours ago