20230602 - Creation of the Baseline Requirements for S/MIME certificates
In 2012, the CA/B Forum published the first version of its Baseline Requirements governing the issuance and management of SSL certificates.
The Baseline Requirements are a set of standards adopted by a consortium of certification authorities and browser vendors that defines a strict framework for SSL certificates: audit processes, lifecycle, and the technologies to be used.
On January 1st, 2023, the CA/B Forum published a first version of the Baseline Requirements written specifically for S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates.
For which certificates?
They will apply to all publicly trusted digital certificates that include the Extended Key Usage (EKU) extension with id-kp-emailProtection (OID 1.3.6.1.5.5.7.3.4) or that include an e-mail address in the subjectAltName (SAN) extension.
Such certificates are mainly used to sign and encrypt e-mails, for strong authentication, or to sign documents.
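To make the applicability rule above concrete, here is an added example (not code from the original post or from the CA/B Forum) that applies the two criteria to a parsed X.509 certificate with Go's standard library. It mints throwaway self-signed certificates as constructed test data; the subject name and e-mail address are invented.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// InSmimeScope applies the BR applicability test: the certificate asserts the
// id-kp-emailProtection EKU (OID 1.3.6.1.5.5.7.3.4) or has an rfc822Name in its SAN.
func InSmimeScope(cert *x509.Certificate) bool {
	for _, eku := range cert.ExtKeyUsage {
		if eku == x509.ExtKeyUsageEmailProtection {
			return true
		}
	}
	return len(cert.EmailAddresses) > 0
}

// SelfSigned mints a throwaway self-signed certificate (constructed test data,
// not a real CA issuance) with the given EKUs and SAN e-mail addresses.
func SelfSigned(ekus []x509.ExtKeyUsage, emails []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		Subject:        pkix.Name{CommonName: "smime-scope-test"}, // hypothetical
		NotBefore:      time.Now(),
		NotAfter:       time.Now().Add(24 * time.Hour),
		ExtKeyUsage:    ekus,
		EmailAddresses: emails,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	c, _ := SelfSigned(nil, []string{"alice@example.com"}) // SAN-only case
	fmt.Println("in S/MIME BR scope:", InSmimeScope(c))    // true
}
```

A certificate with only serverAuth in its EKU and no e-mail SAN is reported as out of scope, which is the TLS case the earlier Baseline Requirements already cover.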
When will they take effect?
The Baseline Requirements will come into effect on September 1st, 2023. S/MIME certificates issued before that date will not be affected and will keep working until their expiration date.
What's in the BR?
The BR will help harmonize several processes, notably:
- The types of certificates
- Their lifecycle
- The audit rules
- Certificate management, and the CRL and OCSP profiles
- The security standards and the technologies used for certificate issuance
The types of certificates
The BR define 4 types of S/MIME certificates:
- "Mailbox-validated": the certificate subject is limited to an e-mail address or a serial number
- "Organization-validated": the subject only includes information about a legal entity
- "Individual-validated": the subject only includes information about a natural person (the certificate holder)
- "Sponsor-validated": the subject includes information about both a natural person (the certificate holder) and a legal entity
What are the changes to be expected?
This first version of the S/MIME BR only formalizes standards already in use by all the stakeholders of the sector, so no big change is expected in September.
Later versions will probably bring new requirements, such as CAA checking. To be continued!