CA/Browser Forum
Home » All CA/Browser Forum Posts » 2022-05-12 Minutes of the CA/Browser Forum Teleconference

2022-05-12 Minutes of the CA/Browser Forum Teleconference

1. Opening Procedures- Dean

Roll Call

Attendees: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Ben Wilson (Mozilla), Brian Keogh (Microsoft), Brittany Randall (GoDaddy), Bruce Morton (Entrust), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), David Kluge (Google), Dean Coclin (Digicert), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Enrico Entschew (D-TRUST), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hogeun Yoo (NAVER Cloud), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Kiran Tummala (Microsoft), Li-Chun Chen (Chunghwa Telecom), Mads Henriksveen (Buypass AS), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Niko Carpenter (SecureTrust), Paul van Brouwershaven (Entrust), Rae Ann Gonzales (GoDaddy), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Stephen Davidson (Digicert), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tyler Myers (GoDaddy), Vijay Kumar (India PKI Forum), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)

Read Antitrust Statement- Jos Purvis

Review Agenda

Approval of minutes of last call

  • Approved

2. Forum Infrastructure Subcommittee update given by Jos Purvis

  • No update due to no meeting

3. Code Signing Certificate Working Group update given by Bruce Morton

  • Closed on ballot and updated CSBRs have been posted
  • Started a ballot on format update that is currently in discussion period
  • Relooking at high-risk cert requests because it would allow keys to be generated in software
  • Will discuss Open questions on time stamps
  • Once format is updated, group will work on eliminating references to SSL BRs to make CSBRs stand alone

4. SMIME working group update given by Stephen Davidson

  • Entered 30 day pre-ballot discussion period to get feedback and the discuss at the face-to-face in Warsaw
  • Reviewed changes made to document that included changes to the way that organization vetting occurs, introducing some flexibility for naming in the legacy profile and consideration of data protection

5. NetSec Working Group given by David Kluge

  • Revived older ballot drafts, in particular about offline and air gapped root CA systems
  • Still working on risk assessments and threat modeling to identity specific risks.
  • Have guest speaker to talk on this.

6. Any Other Business

  • For F2F, Working groups should have short update presentations and talk to Dean about timing needed for sessions
  • 22 people will be attending in person and 26 people will be attending remotely.
  • Shared agenda on screen and brief overview of agenda

F2F Meeting Schedule

  • 2022
  • June 6-8 – Poland (Note: Meeting dates are Mon-Weds and will be followed by the Trusted Economy Forum on Weds-Thurs), MEETING IS CONFIRMED
  • Oct 24-26 – Berlin (Note: Meeting dates are Mon-Weds and will be followed by the CA Day and TSP event on Thurs/Fri)
Latest releases
Server Certificate Requirements
SC-089: Mass Revocation Planning - Aug 26, 2025

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.12 - Ballot SMC014 - Oct 13, 2025

This ballot introduces requirements that a Certificate Issuer MUST deploy DNSSEC validation back to the IANA DNSSEC root trust anchor on all DNS queries associated with CAA record lookups performed by the Primary Network Perspective, effective March 15, 2026. The ballot is intended to maintain consistency in the S/MIME Baseline Requirements with the requirements of Ballot SC-085 which implemented identical requirements in the TLS Baseline Requirements. Note: SC-085 also introduced requirements in TLS Baseline Requirements for the use of DNSSEC in domain control validation. These requirements are automatically adopted in the S/MIME BR by the email domain control methods that include a normative reference to section 3.2.2.4 of the TLS Baseline Requirements. The draft also includes minor corrections to web links in the text. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Client Wilson (Apple) and Ashish Dhiman (GlobalSign).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Forum Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).