CA/Browser Forum
Home » All CA/Browser Forum Posts » 2026-02-12 Minutes of the Forum

2026-02-12 Minutes of the Forum

Minutes:

CA/B Forum plenary Meeting - February 12, 2026

Notes by: Janet Hines (VikingCloud)

Attendees

  • Adam Folson (IdenTrust)
  • Adriano Santoni (Actalis S.p.A.)
  • Antti Backman (Telia Company)
  • Ben Wilson (Mozilla)
  • Chris Clements (Google)
  • Clint Wilson (Apple)
  • Corey Bonnell (DigiCert)
  • Corey Rasmussen (OATI)
  • Daryn Wright (Apple)
  • Dean Coclin (DigiCert)
  • Dimitris Zacharopoulos (HARICA)
  • Dustin Hollenback (Apple)
  • Enrico Entschew (D-TRUST)
  • Eric Kramer (Sectigo)
  • Gurleen Grewal (Google)
  • Hazhar Ismail (MSC Trustgate Sdn Bhd)
  • Inaba Atsushi (GlobalSign)
  • Iñigo Barreira (Sectigo)
  • Janet Hines (VikingCloud)
  • Jeanette Snook (Visa)
  • Jeff Ward (CPA Canada/WebTrust)
  • Johnny Reading (GoDaddy)
  • Jos Purvis (Fastly)
  • Julie Olson (GlobalSign)
  • Jun Okura (Cybertrust Japan)
  • Karina Sirota (Microsoft)
  • Karolina Ruszczyńska (Asseco Data Systems SA (Certum))
  • Lilia Dubko (CPA Canada/WebTrust)
  • Lucy Buecking (IdenTrust)
  • Luis Cervantes (SSL.com)
  • Mahua Chaudhuri (Microsoft)
  • Marco Schambach (IdenTrust)
  • Martijn Katerbarg (Sectigo)
  • Masaru Sakamoto (Cybertrust Japan)
  • Michelle Coon (OATI)
  • Nate Smith (GoDaddy)
  • Nome Huang (TrustAsia)
  • Ono Fumiaki (SECOM Trust Systems)
  • Pedro Fuentes (OISTE Foundation)
  • Peter Miskovic (Disig)
  • Raffaela Achermann (SwissSign)
  • Rebecca Kelly (SSL.com)
  • Roman Fischer (SwissSign)
  • Ryan Dickson (Google)
  • Sándor Szőke (Microsec)
  • Sandy Balzer (SwissSign)
  • Scott Rea (eMudhra)
  • Sean Huang (TWCA)
  • Stephen Davidson (DigiCert)
  • Steven Deitte (GoDaddy)
  • Sven Rajala (Keyfactor)
  • Tadahiko Ito (SECOM Trust Systems)
  • Tathan Thacker (IdenTrust)
  • Tim Callan (Sectigo)
  • Tobias Josefowitz (Opera Software AS)
  • Trevoli Ponds-White (Amazon)
  • Wayne Thayer (Fastly)
  • Wendy Brown (US Federal PKI Management Authority)
  • Wiktoria Więckowska (Asseco Data Systems SA (Certum)).

Minutes

Begin Recording - Roll Call

  • Read note-well - Note-well read by Dimitris in the SCWG call

Review of Agenda

  • No changes

Approval of minutes

  • January 15, 2026 minutes were approved.
  • January 29, 2026 have yet to be distributed.

Server Certificate Working Group update (Dimitris)

  • General Ballot discussions
  • Cleanup ballot: It was decided to cancel voting process to fix an incorrect RFC reference.
  • Validation Working Group (Corey) - Had guest speaker - CAA parameters ballot (Wayne) - Needs a second endorser. - CAA Security Draft RFC at the IETF - Defines a new CAA record type called security - Domain owner wants to use only DCV methods that can be cryptographically verified. - ADN Improvement ballot (Aaron and Jacob) - Discussion around various scenarios where following CNAMEs may or may not be allowed. On mailing list for discussion.

Code Signing Certificate Working Group update (Martijn)

  • Migration to a single profile (OV and EV Code Signing)
  • Microsoft working on a proposal to remove the phone validation.

S/MIME Certificate Working Group update (Stephen)

  • SMC-015 - [Discussion Period] - Use of mobile driver’s license for automation of validation of identity and removal of outdated ETSI EN-319403. [EN-319403-1 was the replacement]
  • SMC-016 - Implement the TLS Ballots (DNSSEC logging removed out of scope and SHA-1 complete removal)
  • SMTP to SMTP authentication which is typically done by TLS clientAuth/serverAuth certificates. Trying to gather data on this situation’s impact to the email ecosystem. May add this to the F2F discussion.

NetSec Working Group update (Clint)

  • Discussion on an approach that Miguel had put together for using NIST framework with the controls to update the NetSec requirements.

Definitions and Glossary Working Group (Tim C.)

  • No update

Forum Infrastructure Subcommittee update (Jos)

  • Instructions for forms with QR to record the F2F in person attendance.
  • CLA and guidelines for GitHub contributions (Ben working on this)
  • Backlog grooming
  • Added a backlog item to do a full review of the website, put up a change in Git or pass along to a member of the committee.
  • One area is the About pages. Ben deleted out of date materials on some. Resources pages are out of date as well.
  • Going to a monthly meeting calendar.

Any Other Business

  • Please sign up for the F2F!
  • All groups should be thinking about their agenda for the F2F and place it in the wiki.
  • IPR Revision: Ben needs feedback via a straw poll. - New member comes in they have 45-days to file an exclusion notice on a draft guideline; but it is not clear about existing guidelines. - Question: Do we go with the vague existing policy of any guideline (existing and new) verses only draft guidelines - Should send to the legal folks to review this in the IPR subcommittee.
  • Add an IPR agenda item for the next few meetings.

Next call

Feb 26, 2026

Adjourn

Latest releases
Server Certificate Requirements
SC097: Sunset all remaining use of SHA-1 signatures in Certificates and CRLs - Feb 25, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.12 - Ballot SMC014 - Oct 13, 2025

This ballot introduces requirements that a Certificate Issuer MUST deploy DNSSEC validation back to the IANA DNSSEC root trust anchor on all DNS queries associated with CAA record lookups performed by the Primary Network Perspective, effective March 15, 2026. The ballot is intended to maintain consistency in the S/MIME Baseline Requirements with the requirements of Ballot SC-085 which implemented identical requirements in the TLS Baseline Requirements. Note: SC-085 also introduced requirements in TLS Baseline Requirements for the use of DNSSEC in domain control validation. These requirements are automatically adopted in the S/MIME BR by the email domain control methods that include a normative reference to section 3.2.2.4 of the TLS Baseline Requirements. The draft also includes minor corrections to web links in the text. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Client Wilson (Apple) and Ashish Dhiman (GlobalSign).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Forum Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).