CA/Browser Forum
Home » All CA/Browser Forum Posts » 2025-09-25 Minutes of the Server Certificate Working Group

2025-09-25 Minutes of the Server Certificate Working Group

Meeting Date:

  • 2025-09-25

Note Well:

  • Read by Wayne Thayer during the SCWG call preceding this call.

Review of Agenda:

  • No additions or changes.

Approval of Minutes:

  • September 11, 2025 Teleconference (Draft minutes were distributed on 2025-09-11) approved.
  • The minutes from the April 10, 2023 meeting are still pending.
    • Action Item: Dean Coclin will resend the meeting recording to Aaron Poulsen to assist in completing the minutes.

Working Group Updates

  • Server Certificate WG (Wayne Thayer): The last meeting discussed the sunset of pre-certificate signing CAs, with the effective date moved to March 15, 2024.
  • Validation Subcommittee (Corey Bonnell): The group discussed definitions for “Authorization Domain Name,” “Base Domain Name,” and CNAME chaining. A future ballot will be drafted to clarify these terms. The next meeting will cover IP address-based validation and F2F meeting topics.
  • Code Signing WG (Martijn Katerbarg): Ballot CSC-31 is in discussion and will be restarted soon with minor changes.
  • S/MIME WG (Martijn Katerbarg): The last meeting was dominated by a discussion on the use of pseudonyms in the Common Name, with differing opinions. A discussion was also held on potentially re-allowing the OU field in S/MIME certificates.
  • NetSec WG (Clint Wilson): The group had a brief discussion on the potential use of AI as a tool for monitoring incidents, ballots, and certificate validation workflows. Clint suggested this is a broader Forum-level topic.
  • Definitions & Glossary WG (Tim Hollebeek): Work is resuming to create a standalone definitions document and resolve circular references. Ballots are being organized.
  • Forum Infrastructure WG (Ben Wilson): The group discussed GitHub governance, including the Contributor License Agreement (CLA) and comment moderation. They concluded that these are policy decisions for the full Forum.
  • IPR Subcommittee (Ben Wilson): A final redlined draft of the IPR Policy v1.4 is complete and will be circulated to the public list for review.

Any Other Business:

  • Fall 2026 F2F Meeting: The host and location have been changed. The meeting will now be hosted by eMudhra in Vienna, Austria. Scott Rea from eMudhra requested that members share any known scheduling conflicts for the October 2026 timeframe.

  • Upcoming F2F Meeting (Poland): Registration is closed, with nearly 70 in-person attendees. Kateryna Aleksieieva confirmed that an evening social event will be held at a local brewery on Wednesday evening.

  • The next two Forum calls, scheduled for October 9 and October 23, 2025 are canceled due to the upcoming F2F meeting.

  • No other business was discussed.

Adjourn

Attendees

Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Abdul Hakeem Putra (MSC Trustgate Sdn Bhd), Adam Jones (Microsoft), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Brianca Martin (Amazon), Chad Dandar (Cisco Systems), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Dean Coclin (DigiCert), Gregory Tomko (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Janet Hines (VikingCloud), Jeanette Snook (Visa), Jun Okura (Cybertrust Japan), Karina Goodley (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Luis Cervantes (SSL.com), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rollin Yu (TrustAsia), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Sven Rajala (Keyfactor), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly).

Latest releases
Server Certificate Requirements
SC092: Sunset use of Precertificate Signing CAs - Nov 4, 2025

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.12 - Ballot SMC014 - Oct 13, 2025

This ballot introduces requirements that a Certificate Issuer MUST deploy DNSSEC validation back to the IANA DNSSEC root trust anchor on all DNS queries associated with CAA record lookups performed by the Primary Network Perspective, effective March 15, 2026. The ballot is intended to maintain consistency in the S/MIME Baseline Requirements with the requirements of Ballot SC-085 which implemented identical requirements in the TLS Baseline Requirements. Note: SC-085 also introduced requirements in TLS Baseline Requirements for the use of DNSSEC in domain control validation. These requirements are automatically adopted in the S/MIME BR by the email domain control methods that include a normative reference to section 3.2.2.4 of the TLS Baseline Requirements. The draft also includes minor corrections to web links in the text. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Client Wilson (Apple) and Ashish Dhiman (GlobalSign).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Minutes Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).