Knowledge Base
New SMIME standard changes & FAQ's
Upcoming S/MIME standard changes, effective September 1, 2023
The CABF, a consortium of certification authorities and web browsers, has recently drafted and approved the Baseline Requirements for the issuance of Publicly Trusted S/MIME certificates to reinforce the security of email encryption and digital signatures, effective September 1, 2023. These changes will ensure strong encryption algorithms, secure key lengths, and reliable certificate validation procedures.
Key dates:
CABF has a strict requirement for following the new S/MIME Baseline Requirements starting September 1. Therefore, to comply with CABF requirement, Sectigo will stop issuing and re-issuing old SMIME certificates from August 28, 2023.
Action required: verify and update S/MIME configuration
We kindly request that you take the following actions to ensure a seamless transition and continued secure email communication:
• You may renew your certificates under existing standards before the deadline: Proactively renewing any expiring certificates before the cut-off date may ease the transition to new S/MIME certificates
• Understand how your organization is using publicly trusted S/MIME certificates today: To effectively navigate the S/MIME standards change, it is crucial to thoroughly understand how your organization is currently utilizing S/MIME certificate technology in its email communication workflows, including encryption, digital signatures, and certificate management.
• Revalidate your organization: You will need to revalidate your organizations to support the new validation rules before issuing new public S/MIME certificates after the deadline. This validation cannot be done automatically since additional organization information will be required.
• Plan for new S/MIME certificates: For any S/MIME certificates that will require renewal after the deadline, start planning your renewal adhering to the updated S/MIME standards.
FAQ’s
Frequently Asked Questions - Upcoming S/MIME standard changes effective September 1, 2023
Q1: What is happening with the S/MIME standards on September 1, 2023?
Starting from September 1, 2023, there will be a change in the Secure/Multipurpose Internet Mail Extensions (S/MIME) standards. These changes are driven by the CA/Browser (CA/B) Forum and aim to enhance the security and trustworthiness of email communication.
Q2: Why are the S/MIME standards being implemented?
The S/MIME standards are being implemented to ensure strong encryption algorithms, adequate key lengths, and reliable certificate validation procedures. These standards will contribute to a more secure email communication ecosystem.
Q3: Why is Sectigo implementing an earlier cut-off date vs. September 1, 2023?
Sectigo will be offering new Baseline Requirements (BR) compliant S/MIME certificates in early August and enforcing an earlier cut-off date on August 28, 2023, to ensure a smooth transition to the new requirements.
Q4: Who else is implementing and reinforcing this change?
All CAs that offer S/MIME certificates will need to ensure that their systems and offerings are updated to be compliant with the new standards.
Q5: How does this change impact my existing S/MIME certificates?
Existing S/MIME certificates will not be impacted and can still be used until they expire. Any renewals or replacements issued after the deadline will need to adhere to the new standards.
Q6: What actions do I need to take as an enterprise customer?
Due to the more stringent validation required in the updated standards, you should start planning ASAP and allow sufficient time to generate new S/MIME certificates for your organization and any new employees. onboarding after the Sectigo cut-off date of August 28, 2023. Plan and renew your existing S/MIME certificates before August 28, 2023, to reduce the short-term impact of this transition. You can seek help from your account manager or Sectigo support team 24/7 if you encounter any challenges during the transition.
Q7: How will these changes benefit my organization?
The CA/Browser Forum intends for the new S/MIME Baseline Requirements to ensure a uniformly high degree of security and trustworthiness for S/MIME certificates, just as the Baseline Requirements do for SSL and Code Signing certificates. As these are universal requirements that all public CAs must follow, ongoing use of S/MIME certificates requires adherence to these new standards.
Q8: What happens if I don’t update my S/MIME configuration?
Most environments will be able simply to use BR-compliant S/MIME certificates without impact. If your systems use certificates in an atypical way, with pinning, for example, that could result in service outages. To ensure maximum compatibility and uptime, you should look for and remove custom requirements that are beyond the expectations for commonplace S/MIME certificates.
Q9: Can I continue using my existing S/MIME certificates after September 1, 2023?
To comply with the new S/MIME standards, generating new S/MIME certificates that adhere to the updated requirements is recommended. While you may still be able to use existing certificates, replacing them with new certificates is advisable to benefit from the enhanced security features.
Q10: What support is available if I need assistance during the transition?
If you require any assistance or encounter challenges during the transition to the new S/MIME standards, our Sectigo support team is available to help 24/7.
Q11: Will these changes affect my email recipients who are using different email clients?
These changes are not expected to impact email clients. However, we recommend testing the compatibility of the new S/MIME certificates with other existing applications for your email recipients.
Q12: How do these changes contribute to overall email security?
The updated S/MIME standards, with stronger encryption algorithms, improved key lengths, and enhanced certificate validation procedures, enhance the security and trustworthiness of email communication. By adopting these changes, the integrity, confidentiality, and authenticity of your email communications will be strengthened, ensuring a higher level of overall email security.
Q13: Where can I find more information about the upcoming S/MIME standard changes?
For more information and further details about the upcoming S/MIME standard changes, you are invited to watch Sectigo New S/MIME Baseline Requirements Webinar or read about the official baseline requirements document here.
The CABF, a consortium of certification authorities and web browsers, has recently drafted and approved the Baseline Requirements for the issuance of Publicly Trusted S/MIME certificates to reinforce the security of email encryption and digital signatures, effective September 1, 2023. These changes will ensure strong encryption algorithms, secure key lengths, and reliable certificate validation procedures.
Key dates:
CABF has a strict requirement for following the new S/MIME Baseline Requirements starting September 1. Therefore, to comply with CABF requirement, Sectigo will stop issuing and re-issuing old SMIME certificates from August 28, 2023.
Action required: verify and update S/MIME configuration
We kindly request that you take the following actions to ensure a seamless transition and continued secure email communication:
• You may renew your certificates under existing standards before the deadline: Proactively renewing any expiring certificates before the cut-off date may ease the transition to new S/MIME certificates
• Understand how your organization is using publicly trusted S/MIME certificates today: To effectively navigate the S/MIME standards change, it is crucial to thoroughly understand how your organization is currently utilizing S/MIME certificate technology in its email communication workflows, including encryption, digital signatures, and certificate management.
• Revalidate your organization: You will need to revalidate your organizations to support the new validation rules before issuing new public S/MIME certificates after the deadline. This validation cannot be done automatically since additional organization information will be required.
• Plan for new S/MIME certificates: For any S/MIME certificates that will require renewal after the deadline, start planning your renewal adhering to the updated S/MIME standards.
FAQ’s
Frequently Asked Questions - Upcoming S/MIME standard changes effective September 1, 2023
Q1: What is happening with the S/MIME standards on September 1, 2023?
Starting from September 1, 2023, there will be a change in the Secure/Multipurpose Internet Mail Extensions (S/MIME) standards. These changes are driven by the CA/Browser (CA/B) Forum and aim to enhance the security and trustworthiness of email communication.
Q2: Why are the S/MIME standards being implemented?
The S/MIME standards are being implemented to ensure strong encryption algorithms, adequate key lengths, and reliable certificate validation procedures. These standards will contribute to a more secure email communication ecosystem.
Q3: Why is Sectigo implementing an earlier cut-off date vs. September 1, 2023?
Sectigo will be offering new Baseline Requirements (BR) compliant S/MIME certificates in early August and enforcing an earlier cut-off date on August 28, 2023, to ensure a smooth transition to the new requirements.
Q4: Who else is implementing and reinforcing this change?
All CAs that offer S/MIME certificates will need to ensure that their systems and offerings are updated to be compliant with the new standards.
Q5: How does this change impact my existing S/MIME certificates?
Existing S/MIME certificates will not be impacted and can still be used until they expire. Any renewals or replacements issued after the deadline will need to adhere to the new standards.
Q6: What actions do I need to take as an enterprise customer?
Due to the more stringent validation required in the updated standards, you should start planning ASAP and allow sufficient time to generate new S/MIME certificates for your organization and any new employees. onboarding after the Sectigo cut-off date of August 28, 2023. Plan and renew your existing S/MIME certificates before August 28, 2023, to reduce the short-term impact of this transition. You can seek help from your account manager or Sectigo support team 24/7 if you encounter any challenges during the transition.
Q7: How will these changes benefit my organization?
The CA/Browser Forum intends for the new S/MIME Baseline Requirements to ensure a uniformly high degree of security and trustworthiness for S/MIME certificates, just as the Baseline Requirements do for SSL and Code Signing certificates. As these are universal requirements that all public CAs must follow, ongoing use of S/MIME certificates requires adherence to these new standards.
Q8: What happens if I don’t update my S/MIME configuration?
Most environments will be able simply to use BR-compliant S/MIME certificates without impact. If your systems use certificates in an atypical way, with pinning, for example, that could result in service outages. To ensure maximum compatibility and uptime, you should look for and remove custom requirements that are beyond the expectations for commonplace S/MIME certificates.
Q9: Can I continue using my existing S/MIME certificates after September 1, 2023?
To comply with the new S/MIME standards, generating new S/MIME certificates that adhere to the updated requirements is recommended. While you may still be able to use existing certificates, replacing them with new certificates is advisable to benefit from the enhanced security features.
Q10: What support is available if I need assistance during the transition?
If you require any assistance or encounter challenges during the transition to the new S/MIME standards, our Sectigo support team is available to help 24/7.
Q11: Will these changes affect my email recipients who are using different email clients?
These changes are not expected to impact email clients. However, we recommend testing the compatibility of the new S/MIME certificates with other existing applications for your email recipients.
Q12: How do these changes contribute to overall email security?
The updated S/MIME standards, with stronger encryption algorithms, improved key lengths, and enhanced certificate validation procedures, enhance the security and trustworthiness of email communication. By adopting these changes, the integrity, confidentiality, and authenticity of your email communications will be strengthened, ensuring a higher level of overall email security.
Q13: Where can I find more information about the upcoming S/MIME standard changes?
For more information and further details about the upcoming S/MIME standard changes, you are invited to watch Sectigo New S/MIME Baseline Requirements Webinar or read about the official baseline requirements document here.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
