CA/Browser Forum

2022-07-07 Minutes of the CA/Browser Forum Teleconference

1. Opening Procedures – Dean Coclin

  1. Roll Call: Aaron Poulsen (Amazon), Adam Jones (Microsoft), Amanda Mendieta (Apple), Andrea Holland (SecureTrust), Ben Wilson (Mozilla), Chris Clements (Google), Chris Kemmerer (SSL.com), Clint Wilson (Apple), Corey Bonnell (Digicert), Corey Rasmussen (OATI), Daryn Wright (GoDaddy), Dean Coclin (Digicert), Devon O’Brien (Google), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Microsoft), Fumi Yoneda (Japan Registry Services), Hazhar Ismail (MSC Trustgate Sdn Bhd), Hubert Chao (Google), Inaba Atsushi (GlobalSign), Inigo Barreira (Sectigo), Jamie Mackey (US Federal PKI Management Authority), Janet Hines (SecureTrust), Joanna Fox (TrustCor Systems), Johnny Reading (GoDaddy), Jos Purvis (Cisco Systems), Karina Sirota (Microsoft), Li-Chun Chen (Chunghwa Telecom), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Michelle Coon (OATI), Nargis Mannan (SecureTrust), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelley (Apple), Sooyoung Eo (NAVER Cloud), Steven Deitte (GoDaddy), Tadahiko Ito (SECOM Trust Systems), Tobias Josefowitz (Opera Software AS), Tyler Myers (GoDaddy), Vijay Kumar (eMuhdra), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yoshiro Yoneya (Japan Registry Services)
  2. Read Antitrust Statement – Jos Purvis
  3. Review Agenda
  4. Approval of minutes of last call
  • Available shortly after this call

2. Forum Infrastructure Subcommittee update given by Jos Purvis

  • Met briefly and agreed to keep moving forward
  • Asked members to continue testing the membership tools

3. Code Signing Certificate Working Group update given by Corey Bonnell

  • CSC 14 successfully passed IPR review and became effective last Wednesday
  • Pushed back discussion on signing service requirements due to Bruce’s absence
  • Discussion on a clean-up ballot with minor fixes because of the Pandoc format
  • Martin from Sectigo’s revocation requirements improvements ballot was discussed very briefly

4. SMIME working group update given by Stephen Davidson

  • Canceled. No Update

5. NetSec Working Group given by Clint Wilson

  • Discussed two membership applications: SSL.com and Fastly. Both have been approved.
  • Talked about Risk Assessment: still have some work to do on the first component of the risk assessment, but it’s getting closer. Once that is done, the group will move forward to the next component
  • Talked about topics from the backburner
  • Talked about a redline on what cloud-hosted infrastructure would mean and what the expectations are for air-gapped CAs

6. Any Other Business

  • Berlin page on Wiki is open for signups and details
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).