Welcome to the CA/Browser Forum
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).
More information for about the forum and information for Site Owners, Developers, Auditors and Assessors, and Potential Members can be found in the About section of this website.
Recent posts
Ballot CSC-32: Make a Reserved Policy OID mandatory
June 16, 2026 by The Intellectual Property Review (IPR) period for Ballot CSC-32 (Ballot CSC-32: Make a Reserved Policy OID mandatory) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of November 17, 2025. The new CSC BRs v3.10.0 have been published to the CABF public website in accordance with the Bylaws: https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.11.0.pdf IPR Review of Ballot CSC-32: Make a Reserved Policy OID mandatory This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email.
June 16, 2026 by The Intellectual Property Review (IPR) period for Ballot CSC-32 (Ballot CSC-32: Make a Reserved Policy OID mandatory) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of November 17, 2025. The new CSC BRs v3.10.0 have been published to the CABF public website in accordance with the Bylaws: https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.11.0.pdf IPR Review of Ballot CSC-32: Make a Reserved Policy OID mandatory This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email.
Ballot SMC017v2: Increase Minimum RSA CA Key Size
June 16, 2026 by Stephen DavidsonBallot SMC017v2: Increase Minimum RSA CA Key SizeSummary: This ballot increases the minimum RSA key size for Root and Subordinate CA certificates in the S/MIME BRs from 2048 to 4096 bits for keys created after September 15, 2026, while retaining the 2048-bit minimum for Subscriber certificates. The ballot further requires that by September 15, 2027, CAs SHALL NOT issue Subscriber certificates from any Sub-CA whose RSA key modulus is less than 3072 bits, effectively sunsetting issuance from legacy 2048-bit Sub-CAs. The ballot also includes minor typographic corrections.
June 16, 2026 by Stephen DavidsonBallot SMC017v2: Increase Minimum RSA CA Key SizeSummary: This ballot increases the minimum RSA key size for Root and Subordinate CA certificates in the S/MIME BRs from 2048 to 4096 bits for keys created after September 15, 2026, while retaining the 2048-bit minimum for Subscriber certificates. The ballot further requires that by September 15, 2027, CAs SHALL NOT issue Subscriber certificates from any Sub-CA whose RSA key modulus is less than 3072 bits, effectively sunsetting issuance from legacy 2048-bit Sub-CAs. The ballot also includes minor typographic corrections.
2026-06-04 Minutes of the Server Certificate Working Group
June 4, 2026 by Wayne ThayerMinutes: Dimitris leading the meeting and taking minutes Dimitris read the note-well. No changes were requested for the agenda. Minutes approval May 21, 2026 - these minutes were distributed on 2026-05-21. The minutes were approved. Next call: June 18, 2026 Attendees Aaron Gable (Let’s Encrypt), Aaron Poulsen (SSL.com), Adam Folson (IdenTrust), Adriano Santoni (Actalis S.p.A.), Alexandros Afentoulis (HARICA), Alvin Wang (SHECA), Andrea Holland (IdenTrust), Antti Backman (Telia Company), Arman Asemani (Apple), Ben Wilson (Mozilla), Chad Dandar (Cisco Systems), Chris Clements (Google), Clint Wilson (Apple), Cynethia Brown (US Federal PKI Management Authority), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Eamon Zhang (TrustAsia), Eleftheria Theologou (HARICA), Enrico Entschew (D-TRUST), Eric Hampshire (Cisco Systems), Georgy Sebastian (Amazon), Grace Cimaszewski (Grace Cimaszewski (Private Person)), Gregory Tomko (GlobalSign), Gurleen Grewal (Google), Hazhar Ismail (MSC Trustgate Sdn Bhd), Henry Birge-Lee (Henry Birge-Lee (Private person)), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Jan Smith (US Federal PKI Management Authority), Jinhwan Shin (CPA Canada/WebTrust), Joe DeBlasio (Google), John Mason (Microsoft), Johnny Reading (GoDaddy), Joseph Cigin (Joseph Cigin (Private Person)), Jos Purvis (Fastly), Josselin Allemandou (Certigna (DHIMYOTIS)), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kiran Tummala (Apple), Li-Chun Chen (Chunghwa Telecom), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Mads Henriksveen (Buypass AS), Mahua Chaudhuri (Microsoft), Marijn Nagelkerke (360 Browser), Mark Gamache (Mark Gamache (Private Person)), Mark Nelson (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Masatoshi Shigaki (CPA Canada/WebTrust), Matthew McPherrin (Let’s Encrypt), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nate Smith (GoDaddy), Nick France (Sectigo), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Paul van Brouwershaven (Entrust), Paul van Brouwershaven (Digitorus), Pekka Lahtiharju (Telia Company), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rob Brady (SGNR, LLC), Rob Stradling (Sectigo), Rob White (GoDaddy), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Sándor Szőke (Microsec), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Sven Rajala (Keyfactor), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Connelly (US Federal PKI Management Authority), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Crawford (CPA Canada/WebTrust), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tsung-Min Kuo (Chunghwa Telecom), Vikas Khanna (Microsoft), Vinay Kumar (OATI), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Zhao Kuisen (NovaVanguard Technology Co., Ltd.).
More posts of the CA/Browser ForumJune 4, 2026 by Wayne ThayerMinutes: Dimitris leading the meeting and taking minutes Dimitris read the note-well. No changes were requested for the agenda. Minutes approval May 21, 2026 - these minutes were distributed on 2026-05-21. The minutes were approved. Next call: June 18, 2026 Attendees Aaron Gable (Let’s Encrypt), Aaron Poulsen (SSL.com), Adam Folson (IdenTrust), Adriano Santoni (Actalis S.p.A.), Alexandros Afentoulis (HARICA), Alvin Wang (SHECA), Andrea Holland (IdenTrust), Antti Backman (Telia Company), Arman Asemani (Apple), Ben Wilson (Mozilla), Chad Dandar (Cisco Systems), Chris Clements (Google), Clint Wilson (Apple), Cynethia Brown (US Federal PKI Management Authority), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Eamon Zhang (TrustAsia), Eleftheria Theologou (HARICA), Enrico Entschew (D-TRUST), Eric Hampshire (Cisco Systems), Georgy Sebastian (Amazon), Grace Cimaszewski (Grace Cimaszewski (Private Person)), Gregory Tomko (GlobalSign), Gurleen Grewal (Google), Hazhar Ismail (MSC Trustgate Sdn Bhd), Henry Birge-Lee (Henry Birge-Lee (Private person)), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), India Donald (US Federal PKI Management Authority), Jan Smith (US Federal PKI Management Authority), Jinhwan Shin (CPA Canada/WebTrust), Joe DeBlasio (Google), John Mason (Microsoft), Johnny Reading (GoDaddy), Joseph Cigin (Joseph Cigin (Private Person)), Jos Purvis (Fastly), Josselin Allemandou (Certigna (DHIMYOTIS)), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kiran Tummala (Apple), Li-Chun Chen (Chunghwa Telecom), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Mads Henriksveen (Buypass AS), Mahua Chaudhuri (Microsoft), Marijn Nagelkerke (360 Browser), Mark Gamache (Mark Gamache (Private Person)), Mark Nelson (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Masatoshi Shigaki (CPA Canada/WebTrust), Matthew McPherrin (Let’s Encrypt), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nate Smith (GoDaddy), Nick France (Sectigo), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Paul van Brouwershaven (Entrust), Paul van Brouwershaven (Digitorus), Pekka Lahtiharju (Telia Company), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rob Brady (SGNR, LLC), Rob Stradling (Sectigo), Rob White (GoDaddy), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Sándor Szőke (Microsec), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Sven Rajala (Keyfactor), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Connelly (US Federal PKI Management Authority), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Crawford (CPA Canada/WebTrust), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tsung-Min Kuo (Chunghwa Telecom), Vikas Khanna (Microsoft), Vinay Kumar (OATI), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Zhao Kuisen (NovaVanguard Technology Co., Ltd.).