
S/MIME Baseline Requirements 1.0.0 valid from 1. Sep 2023

The Business.ID will implement the requirements on September 1st, 2023.

 

The S/MIME Baseline Requirements 1.0.0 have been adopted by the CA/Browser Forum and will be effective on September 1, 2023.

The new S/MIME Baseline Requirements 1.0.0 are published on the CA/Browser Forum website: https://cabforum.org/smime-br/

 

The Business.ID (SBCA) team will implement the new and changed requirements in a timely manner.

One of the most important points will be the elimination of the OU fields. This means that from September 1st, 2023 - similar to the regulation for TLS server certificates - the OU fields in user certificates will no longer be included. In the Business.ID (SBCA) web front end these fields are still visible.

In addition, the terminology of the user certificates in the Business.ID will change:

  • SponsorValidated
  • OrganizationValidated

Business.ID will not offer any MailboxValidated certificates.

An overview of the planned mapping in the Business.ID can be found here:

For each current profile, the future mode and the future name form are listed.

Natural person
  • Current profile: CN = "GN + SN" (the CommonName in the certificate is made up of first name plus last name)
  • Future mode: SponsorValidated, Multipurpose (EKU), validity period of 825 days, PolicyID 2.23.140.1.5.3.2
  • Name form: CN = GN + SN; KeyUsage/ExtendedKeyUsage as until now

Pseudonym
  • Current profile: CN = "PN: CN" (the CommonName in the certificate is made up of the prefix "PN:" and the pseudonym)
  • Future mode: SponsorValidated, Multipurpose (EKU), validity period of 825 days, PolicyID 2.23.140.1.5.3.2
  • Name form: CN = pseudonym; the prefix "PN:" will be removed; the CN must be assigned to an individual person

Group certificate
  • Current profile: CN = "GRP: CN" (the CommonName in the certificate is made up of the prefix "GRP:" and the name)
  • Future mode: OrganizationValidated, Multipurpose (EKU), validity period of 825 days, PolicyID 2.23.140.1.5.2.2
  • Name form: CN = mail address; further email addresses in the SAN; the prefix "GRP:" will be removed

Legal person
  • Current profile: CN = CN (the CommonName is equal to the organization name)
  • Future mode: OrganizationValidated, Multipurpose (EKU), validity period of 825 days, PolicyID 2.23.140.1.5.2.2
  • Name form: CN = organization name (ETSI); no change in name

Machines, robots, automata
  • Current profile: CN = "SYS: CN"
  • Future mode: OrganizationValidated, Multipurpose (EKU), validity period of 825 days, PolicyID 2.23.140.1.5.2.2

This sub-type "SYS:" will no longer be offered in the future, since the name can be entered in the same way as for the group certificate.
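The mapping above can be turned into an inventory check for already issued user certificates. The following is an added example, not Business.ID code: the function names are hypothetical, and it assumes the subject is available as an RFC 4514-style string (without hex escapes or multi-valued RDNs) together with the list of policy OIDs read from the certificate.

```python
import re

# Policy OIDs from the "future mode" entries of the mapping above.
POLICY_TYPES = {
    "2.23.140.1.5.3.2": "SponsorValidated",
    "2.23.140.1.5.2.2": "OrganizationValidated",
}
LEGACY_PREFIXES = ("PN:", "GRP:", "SYS:")  # CN prefixes that are being dropped


def parse_dn(dn):
    # Split on commas that are not backslash-escaped, then unescape the values.
    # Assumption: no hex escapes and no multi-valued ("+") RDNs in the input.
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        key, _, value = rdn.partition("=")
        pairs.append((key.strip().upper(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs


def audit(subject_dn, policy_oids):
    # Return the reasons why a certificate does not match the future profile.
    findings = []
    attrs = parse_dn(subject_dn)
    if any(key == "OU" for key, _ in attrs):
        findings.append("subject contains OU")
    cn = next((value for key, value in attrs if key == "CN"), "")
    for prefix in LEGACY_PREFIXES:
        if cn.upper().startswith(prefix):
            findings.append("CN uses legacy prefix " + prefix)
    if not any(oid in POLICY_TYPES for oid in policy_oids):
        findings.append("no policy OID from the mapping")
    return findings


# Constructed sample certificates (subject, policy OIDs); not real data.
SAMPLES = [
    ("CN=GRP: Support Desk,OU=IT,O=Example AG,C=CH", ["2.23.140.1.5.2.2"]),
    ("CN=support@example.com,O=Example AG,C=CH", ["2.23.140.1.5.2.2"]),
    (r"CN=Doe\, Jane,O=Example AG,C=CH", []),
]

if __name__ == "__main__":
    for subject, oids in SAMPLES:
        print(subject, "->", audit(subject, oids) or "matches future profile")
```

Certificates that produce findings were issued under the current profile and will look different once reissued, which matters for any system that matches on the OU field or on the old CN prefixes.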

In Business.ID, registration agents (RAs) previously had to meet the following requirement when identifying natural persons:

"The identity of a natural person as an applicant or certificate holder MUST be verified either directly in the physical presence of the person by presentation of an official ID or indirectly, using means that offer security comparable to physical presence."

 

The new S/MIME Baseline Requirements further emphasize this requirement, in particular as "face to face".

 

Your Business.ID (SBCA) team
