Home » All CA/Browser Forum Posts » Ballot FORUM-4 v3: Fix mistakes made during passage of Governance Reform Ballot 206

Ballot FORUM-4 v3: Fix mistakes made during passage of Governance Reform Ballot 206

Results on Ballot Forum-4: Fix mistakes made during passage of Governance Reform Ballot 206

The voting period for Ballot Forum-4 has ended and the ballot has passed. Here are the results.

Voting by CAs – 14 votes total including abstentions

13 Yes votes: Amazon, Certinomis, D-TRUST, DigiCert, Disig, Entrust Datacard, GDCA, GlobalSign, GoDaddy, HARICA, Kamu Sertifikasyon Merkezi, SSC, Visa
1 No vote: Trustwave
0 Abstain: 93% of voting CAs voted in favor

Voting by browsers – 5 votes total including abstentions

5 Yes votes: Cisco, Microsoft, Mozilla, Opera, 360
0 No votes:
0 Abstain: 100% of voting browsers voted in favor

Under Bylaw 2.2(g), a ballot result will be considered valid only when more than half of the number of currently active Members has participated. Votes to abstain are counted in determining a quorum. Half of currently active Members as of the start of voting is 11, so quorum was 12 votes – quorum was met.

Bylaw 2.2(f) requires a yes vote by two-thirds of CA votes and 50%-plus-one browser votes for approval. Votes to abstain are not counted for this purpose. This requirement was met for both CAs and browsers.

At least one CA Member and one browser Member must vote in favor of a ballot for the ballot to be adopted. This requirement was met

The ballot passes.

Purpose of Ballot

The Governance Reform ballot (Ballot 206 under the old ballot numbering scheme) was extremely complicated and took roughly two years to draft. The changes to the Bylaws from Ballot 216 were intended to be included in the Governance Reform ballot, but were accidentally not included.

The attached version of the Bylaws restores the important discussion period changes that were approved by the members but then accidentally overwritten.

The following motion has been proposed by Tim Hollebeek of DigiCert and endorsed by Wayne Thayer of Mozilla and Moudrick Dadashov of SSC.

Motion begins

This ballot replaces the “Bylaws of the CA/Browser Forum” version 1.9 with version 2.0 of those Bylaws, attached to this ballot. [See

Version 2.0 of Bylaws]

Motion ends

The procedure for approval of this ballot is as follows:

Discussion (7 days)

Start Time: 2018-09-14, 2:50 pm Eastern Time

End Time: 2018-09-21, 2:50 pm Eastern Time

Vote for approval (7 days)

Start Time: 2018-09-21, 2:50 pm Eastern Time

End Time: 2018-09-28, 2:50 pm Eastern Time

Latest releases

Server Certificate Requirements
SC-089: Mass Revocation Planning - Aug 26, 2025

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.12 - Ballot SMC014 - Oct 13, 2025

This ballot introduces requirements that a Certificate Issuer MUST deploy DNSSEC validation back to the IANA DNSSEC root trust anchor on all DNS queries associated with CAA record lookups performed by the Primary Network Perspective, effective March 15, 2026. The ballot is intended to maintain consistency in the S/MIME Baseline Requirements with the requirements of Ballot SC-085 which implemented identical requirements in the TLS Baseline Requirements. Note: SC-085 also introduced requirements in TLS Baseline Requirements for the use of DNSSEC in domain control validation. These requirements are automatically adopted in the S/MIME BR by the email domain control methods that include a normative reference to section 3.2.2.4 of the TLS Baseline Requirements. The draft also includes minor corrections to web links in the text. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Client Wilson (Apple) and Ashish Dhiman (GlobalSign).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025