Home » All CA/Browser Forum Posts » 2025-12-18 Minutes of the Forum

2025-12-18 Minutes of the Forum

Final Minutes for CA/B Forum Plenary Meeting 2025-12-18

Minutes:

Opening:
- Dean Coclin (DigiCert) confirmed the recording was on and the Notewell was read.
- Attendance was taken.
- Minutes from December 4th were not yet released and would be addressed with Eva.
Working Group Updates:
- Server Certificate Working Group:
  - Dimitris Zacharopoulos (HARICA) provided an update: The WG reviewed open issues on GitHub, with many being incorporated into the cleanup ballot. Discussions led to progress and consensus on a path forward for several issues.
  - Wayne Thayer (Fastly) provided an update on the previous Validation Subcommittee meeting. They continued discussion on Jacob Hoffman Andrew’s pull request to update the definition of ADN, which involves substantial changes to section 3.2.2.4 and is moving in the right direction. In that call, Clint also proposed a ballot regarding the use of RDAP in the EV Guidelines, as the guidelines only specified WHOIS. The conclusion was that since the definition of WHOIS includes the RDAP protocol in the Baseline Requirements, only a clarification was needed, and this would be added to the cleanup ballot.
- Code Signing Certificate Working Group:
  - Martijn Katerbarg (Sectigo) reported a short call last week with limited participants, so there was no significant update. He hoped for more traction next year.
- S/MIME Certificate Working Group:
  - Martijn Katerbarg (Sectigo) reported on the previous month’s call where the main topic was client authentication for SMTP servers. It was unclear if there was an impact on the ecosystem or if it slightly overlapped with the Server Certificate WG. No real details were decided on the direction for this topic.
- NetSec Working Group: No update.
- Definitions and Glossary Working Group: No update.
- Forum Infrastructure Subcommittee: Ben Wilson (Mozilla) stated that there had not been a call recently, so there was no update.
Any Other Business:
- Dean Coclin (DigiCert) mentioned he received feedback on his proposal for a Member Emeritus category. He acknowledged the concerns and will come up with an alternative, providing an update after the new year.
- January 1st Meeting Cancellation: Dean Coclin (DigiCert) explained that he had attempted to cancel the 2026-01-01 meeting in the Webex account, but it had disappeared from the Webex portal, though it might still show on attendees’ calendars. He asked anyone with the invite on their calendar for 2026-01-01 to please delete it, as the meeting is not happening. Dimitris Zacharopoulos (HARICA) suggested adjusting recurring meeting dates, and Ben Wilson (Mozilla) speculated it might have been created before the CA/B Forum Webex account.
- Dean Coclin (DigiCert) also provided an update on the F2F Meeting in Houston, TX, from 2026-03-10 to 2026-03-12. Arrangements are progressing, and he encouraged attendees to register.
Next Call & Adjournment:
- The next call will be on 2026-01-15.
- Dean Coclin (DigiCert) wished everyone a Happy New Year, Merry Christmas, and happy holidays, then adjourned the meeting.

Attendees:

Aaron Gable (ISRG)
Aaron Poulsen (Amazon Trust Services)
Adam Jones (Microsoft)
Adriano Santoni (Actalis)
Alvin Wang (SHECA)
Antti Backman (Telia Company)
Arman Asemani (Apple)
Atsushi INABA (GlobalSign)
Ben Wilson (Mozilla)
Brianca Martin (Amazon)
Brittany Randall (GoDaddy)
Chris Clements (Chrome)
Dean Coclin (DigiCert)
Dimitris Zacharopoulos (HARICA)
Dustin Hollenback (Apple)
Greg Tomko (GlobalSign)
Inigo Barreira (Sectigo)
Jaime Hablutzel (WISeKey)
Jun Okura (Cybertrust)
Kate Xu (TrustAsia)
Kateryna Aleksieieva (Certum by Asseco)
Luis Cervantes (SSL.com)
Mahua Chaudhuri (Microsoft)
Marco Schambach (IdenTrust)
Martijn Katerbarg (Sectigo)
Michelle Coon (OATI)
Mrugesh Chandarana (IdenTrust)
Nargis Mannan (Viking Cloud)
Nate Smith (GoDaddy)
Nome Huang (TrustAsia)
ONO Fumiaki (SECOM Trust Systems)
Paul van Brouwershaven (Digitorus)
Peter Miskovic (Disig)
Rich Smith (DigiCert)
Scott Rea (eMudhra)
Sean Huang (TWCA)
Steven Deitte (GoDaddy)
Sven Rajala (Keyfactor)
Tadahiko ITO (SECOM)
Tathan Thacker (IdenTrust)
Tim Callan (Sectigo)
Tobias Josefowitz (Opera)
Thomas Zermeno (SSL.com)
Trevoli Ponds-White (Amazon Trust Services)
Wayne Thayer (Fastly)
Wendy Brown (FPKIMA)

Latest releases

Server Certificate Requirements
SC095v3: Clean-up 2025 - Apr 2, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.13 - Ballot SMC015v2 - Mar 28, 2026

This ballot introduces requirements that a CA or RA must follow to rely upon a Mobile Drivers License (mDL) to provide evidence for the authentication of individual identity. It allows the use of mDL that conform to ISO/IEC 18013-5 and which may be verified by the CA or RA in conformance with ISO/IEC 18013-7. The CA or RA shall only accept mDL from an Issuing Authority that is legally authorized by the relevant government or jurisdiction to issue driving licenses. The draft also aligns the subsections of 3.2.4.2 (Validation of individual identity) to correspond more closely with those in 3.2.4.1 (Attribute collection of individual identity). It also includes minor editorial corrections. SMC015v2 was updated to remove an additional reference to the superceded ETSI EN 319 403. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ben Wilson (Mozilla) and Scott Rea (eMudhra).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025