Home » All CA/Browser Forum Posts » Ballot SC060: Membership of ZT Browser

Ballot SC060: Membership of ZT Browser

Voting Results

Certificate Issuers

12 votes total, with 7 abstentions:

4 Issuers voting YES: Entrust, HARICA, Izenpe, Telia
1 Issuers voting NO: SwissSign
7 Issuers ABSTAIN: Actalis, DigiCert, D-Trust, JPRS, OISTE, SECOM Trust Systems, SSL.com

Certificate Consumers

4 votes total, with no abstentions:

0 Consumers voting YES
4 Consumers voting NO: Apple, Google, Mozilla, Opera
0 Consumers ABSTAIN

Bylaws Requirements

Bylaw 2.3(6) requires:
- A “yes” vote by two-thirds of Certificate Issuer votes and by 50%-plus-one of Certificate Consumer votes. Votes to abstain are not counted for this purpose. This requirement was MET for Certificate Issuers and NOT MET for Certificate Consumers.
- At least one Certificate Issuer and one Certificate Consumer Member must vote in favor of a ballot for the ballot to be adopted. This requirement was MET for Certificate Issuers and NOT MET for Certificate Consumers.
Bylaw 2.3(7) requires that a ballot result only be considered valid when “more than half of the number of currently active Members has participated”. Votes to abstain are counted in determining quorum. Half of the currently active members at the start of voting was 12, so the quorum was 13 for this ballot. This requirement was MET.

Ballot Contents

Purpose of Ballot

Richard Wang has applied for ZT Browser (produced by ZoTrus Technology Limited) to be granted membership in the Server Certificate Working Group as a Certificate Consumer. The SCWG Charter states that “An Applicant shall become a Member… upon the request of any Member, by a Ballot among the Members.” This ballot is to determine if ZT Browser shall become a Member. The following motion has been proposed by Aaron Gable of ISRG / Let’s Encrypt, and endorsed by Tobias Josefowitz of Opera and Tim Hollebeek of Digicert.

Motion Begins

Modify the membership of the Server Certificate Working Group to include ZT Browser as a Certificate Consumer with “” as the Authorized Representative.

Motion Ends

Discussion (7+ days)

Start time: 2023-01-05 19:00 UTC

End time: Not before 2023-01-19 19:00 UTC

Vote for approval (7 days)

Start time: 2023-01-20 23:00 UTC

End time: 2023-01-27 23:00 UTC

Ballot Status

This ballot has failed due to not meeting some of the Bylaws requirements.

Latest releases

Server Certificate Requirements
SC099: Improve Recording of Validation Methods - May 19, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.14 - Ballot SMC016 - May 5, 2026

This ballot maintains consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097. Specifically, this ballot: Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope. For audit purposes, change management logging is able to confirm if the appropriate controls are in effect or not. Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs. It is noted that most uses of SHA-1 signatures are already deprecated by SC097. With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked. This proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as currently required by RFC 5019. Includes minor formatting corrections.

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025