CA/Browser Forum
Home » All CA/Browser Forum Posts » 2025-07-17 Minutes of the Server Certificate Working Group

2025-07-17 Minutes of the Server Certificate Working Group

Meeting Title: CA/Browser Forum Server Certificate Working Group

Date: 17 July 2025

Meeting Ran By: Wayne Thayer

Minutes Taken By: Scott Rea

1. Roll Call and Housekeeping

Meeting called to order by Wayne Thayer.

2. Reading of Note-well

Wayne Thayer read the note-well.

3. Review of Agenda

No additions to agenda.

4. Minutes approval

  • F2F 65 Toronto 11-12 June 2025 minutes Approved
  • April 10, 2025 Teleconference (Draft minutes have not been distributed yet)

5. Membership applications

  • Sandelman Software Works Inc. already approved and have been granted access.
  • Suchindran Sankarraman submitted Interested Party application but is already eligible under eMudhra membership. Scott will follow up with - Suchindran to ensure he has accesses. No further action required unless advised otherwise, this request is withdrawn.
  • SINAM Limited liability Company (Interested Party represented by Khanmurad Abdullayev) is considered and approved.

6. Ballot Status

In Discussion:

  • SC086: Sunset the Inclusion of Address and Routing Parameter Area Names – not discussed as Corey was not available for this call

In Voting Period:

  • SC089: Mass Revocation Planning (Ben) – Discussion period ended, no takers on extension offer from Ben so is moved to Vote period now.

IPR Review:

  • SC085: Require DNSSEC for CAA and DCV Lookups - IPR review ends in a few days (2025-07-19 19:00:00 UTC)

Draft Ballots in Progress:

  • SC087: Registration Number Improvement for EV Certificates (Corey) – no further discussion on call

  • SC088: Persistent DNS DCV (Slaughter) – Wayne noted there was a lot of activity on list regarding this one.

  • SC0XX: Process RFC 8657 CAA Parameters (Wayne) - Waiting for SC085 to be adopted first.

  • SC0XX: Validation method in TLS Certificates (Clint) – Expect more detailed discussion in coming weeks

7. Other Agenda Items

Nil

8. Any other business

Nil

9. Next Call: July 31, 2025

Attendees

Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Ben Wilson (Mozilla), Brianca Martin (Amazon), Bruce Morton (Entrust), Chris Clements (Google), Clint Wilson (Apple), Cynethia Brown (US Federal PKI Management Authority), Dean Coclin (DigiCert), Enrico Entschew (D-TRUST), Gregory Tomko (GlobalSign), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Jeanette Snook (Visa), Johnny Reading (GoDaddy), Jozef Nigut (Disig), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rich Smith (DigiCert), Rollin Yu (TrustAsia), Ryan Dickson (Google), Scott Rea (eMudhra), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tim Callan (Sectigo), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority).

Latest releases
Server Certificate Requirements
SC095v3: Clean-up 2025 - Apr 2, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.13 - Ballot SMC015v2 - Mar 28, 2026

This ballot introduces requirements that a CA or RA must follow to rely upon a Mobile Drivers License (mDL) to provide evidence for the authentication of individual identity. It allows the use of mDL that conform to ISO/IEC 18013-5 and which may be verified by the CA or RA in conformance with ISO/IEC 18013-7. The CA or RA shall only accept mDL from an Issuing Authority that is legally authorized by the relevant government or jurisdiction to issue driving licenses. The draft also aligns the subsections of 3.2.4.2 (Validation of individual identity) to correspond more closely with those in 3.2.4.1 (Attribute collection of individual identity). It also includes minor editorial corrections. SMC015v2 was updated to remove an additional reference to the superceded ETSI EN 319 403. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ben Wilson (Mozilla) and Scott Rea (eMudhra).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Minutes Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).