Feature-Request: SMIME / Signing for PDF


Dear Team,

i read some of the loooong discussions here for pro and against SMIME;
but at the end of the day it could be a good feature to have “signing” of eMails and (PDF-)documents…

This time it’s really expensive to get a “known” Certificate which allows to sign your PDF-Documents and so on…
The same to SMIME for signing eMails: It’s better than nothing, and better as signing with a PGP-Key which is not trusted by anyone, because the Key was not signed by another User.
( And do you like to show others who is your social network / where you let sign your key and who thinks that you’re “trustfull” - only by signing an eMail…? )

I really think there are more positive as negative Points to setup the support for Creating Certificates for eMail-Adresses… in particular for signing PDF-Documents and so on.


I think you’d have to take this to the IETF to put into the ACME spec, because that’s where this process would need to start. I don’t think it’s within the scope of Let’s Encrypt’s mission when it comes down to it, especially for PDF signing.


This also represents a lot of engineering work, and Let’s Encrypt is already pretty busy with the existing feature roadmap.

I think the S/MIME idea is possible in principle and may have some value, but again, it’s a lot of work. I would suggest starting outside of Let’s Encrypt to try to demonstrate the demand and feasibility, e.g. at IETF as @jared.m mentions, or with some community that already extensively uses S/MIME, or with some major developers of software that supports it well.

(It’s also possible that another CA would become interested in this as a result of work in this area.)


Even if you got past the whole ACME method for validating an email address thing, there’s a larger problem if you’re really trying to get a certificate for PDF signing:

If by PDF signing you mean works correctly in Adobe Acrobat / Acrobat Reader, the CA involved has to be included in Adobe’s (AATL - for outside Europe) or (EUTL - for inside Europe). If memory serves, I believe I read that Adobe actually charges CAs a license fee for that.

Which makes it even less likely that Let’s Encrypt would pursue that.

closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.