S/MIME Baseline Requirements 1.0.0 valid from 1. Sep 2023 The Business.ID will implement the requirements on September 1st, 2023. The S/MIME Baseline Requirements 1.0.0 has been adopted by the CA/Browser Forum and will be effective on September 1, 2023.The new S/MIME Baseline Requirement 1.0.0 is published on the CA/Browser Forum website: https://cabforum.org/smime-br/ The Business.ID (SBCA) team will implement the new and changed requirements in a timely manner.One of the most important points will be the elimination of the OU fields. This means that from September 1st, 2023 - similar to the regulation for TLS server certificates - the OU fields in user certificates will no longer be included. In the Business.ID (SBCA) web front end these fields are still visible.In addition, the terminology of the user certificates in the Business.ID will change:SponsorValidated OrganizationValidated Business.ID will not offer any MailboxValidated certificates.An overview of the planned mapping in the Business.ID can be found here: Current profile Future mode Name Form Natürliche Person (The CommonName in the certificate is made up of first name plus last name) CN=“GN + SN“ SponsorValidated Multipurpose(EKU) 825 days running time PolicyID 2.23.140.1.5.3.2 CN = GN + SN KeyUsage/ExtendedKeyUsage was until know Pseudonym (The CommonName in the certificate is made up of the Präfix „PN:“ and the Pseudonym) CN=“PN: CN“ SponsorValidated Multipurpose(EKU) 825 days running time PolicyID 2.23.140.1.5.3.2 CN= Pseudonym Präfix PN: will be deleted Assign CN mandatory to an individual person Gruppenzertifikat The CommonName in the certificate is made up of the Präfix „GRP:“ and the name) CN = „GRP: CN“ OrganizationValidated Multipurpose(EKU) 825 days running time PolicyID 2.23.140.1.5.2.2 CN= Mail address More email in SAN Prefix GRP: will be removed Juristische Person (The CommonName is equal to the Organization name ) CN = CN OrganizationValidated Multipurpose(EKU) 825 days running time PolicyID 2.23.140.1.5.2.2 CN= Organisationsname (ETSI) No change in name Machines, robots, automata CN =SYS: CN OrganizationValidated Multipurpose(EKU) 825 days running time PolicyID 2.23.140.1.5.2.2 This sub-type "SYS:" will no longer be offered in the future, since the name can be entered in the same way as for the group certificate. In Business.ID, registration agents (RAs) previously had to meet the following requirement when identifying natural persons:"The identity of a natural person as an applicant or certificate holder MUST be verified either directly in the physical presence of the person by presentation of an official ID or indirectly, using means that offer security comparable to physical presence." The new S/MIME Baseline Requirements further emphasizes this requirement as "face to face" in particular. Your Business.ID (SBCA) team