CA/Browser Forum
Home » All CA/Browser Forum Posts » 2026-02-26 Minutes of the Forum

2026-02-26 Minutes of the Forum

Minutes:

CA/Browser Forum Meeting Minutes

February 26, 2026

1. Begin Recording

2. Read Note-Well

The Note-Well was read.

3. Review of Agenda

The agenda was reviewed. No changes.

4. Approval of Minutes

  • January 29th minutes: No comments. Minutes approved.
  • February 12th minutes: No comments. Minutes approved.

5. Server Certificate Working Group Update

Presented by Dimitris Zacharopoulos (HARICA) and Corey Bonnell (DigiCert)

  • The face-to-face agenda has been set. Two discussion topics:
    1. ADN improvement ballot – progress review and discussion, expected to take the majority of the time.
    2. Reliable data sources – to be led by Scott.
  • The ADN improvement ballot is progressing well and is close to being finalized.
  • Discussion was held on the RFC 8657 ballot, specifically around how to specify the domain value without specifying the CAA for a specific CA and account URI. Wayne took an action item to investigate how this will be signaled.
  • Discussion on SERVFAIL errors in DNSSEC requirements: consensus was reached that a SERVFAIL is a reason not to issue only when the DNS zone is DNSSEC-signed (i.e., it does not apply when the zone is not secured, but there may be other reasons not to isssue in that case.).

6. Code Signing Certificate Working Group Update

Presented by Martijn Katerbarg (Sectigo)

  • The working group met last week and has set the face-to-face agenda, which will mainly focus on:
    • A Microsoft proposal on potentially eliminating callbacks and enabling a more automated process. Karina is preparing a proposal for discussion at the face-to-face.
    • The continued intent to move to a single profile.
  • New insights have been gained into OCSP issues that are blocking the long-standing server certificate alignment ballot. Progress on this is expected shortly.

7. S/MIME Certificate Working Group Update

Presented by Martijn Katerbarg (Sectigo) in Stephen Davidson’s absence

  • The face-to-face agenda has been set.
  • The S/MIME working group call was held the previous day.
  • March 15th deadlines were reviewed, similar to the TLS working group.
  • The SMTP and client authentication issue was discussed further; no immediate action required at this time.
  • Discussion on SHA-1 subordinate CAs: the working group is considering a ballot similar to what was done on the TLS side, with potential language adjustments depending on information available in CCDB.

8. NetSec Working Group Update

Presented by Clint Wilson

  • The working group met and set the face-to-face agenda. Two main topics:
    1. Proposed update to the NCSSSRs – a comprehensive revision targeting a version 3 update.
    2. Cloud services for hosting audit log archives – discussion on cloud service provider incidents and how they are handled, in preparation for more concrete discussions on cloud service providers.
  • The working group has an hour and a half allocated at the face-to-face; this is expected to be well-utilized.

9. Definitions and Glossary Working Group Update

Tim Callan (Sectigo)

No update; topics will be discussed at the face-to-face.

10. Forum Infrastructure Subcommittee Update

Jos and Ben Wilson were not on the call. Wayne Thayer was uncertain whether a meeting had taken place. The subcommittee has moved to a once-a-month cadence.

No update available.

11. Any Other Business

Face-to-Face – March 12th

Dean provided an update on face-to-face logistics:

  • In-person attendance: 62–63 people (including guest speakers).
  • Remote attendance: 37 registered.
  • WebEx links are up and running.
  • A QR code attendance procedure will be used to streamline attendance tracking, with separate attendance lists per working group.
  • Day 1 (Dean not attending; Tim Callan presiding):
    • Validation Subcommittee (Corey)
    • NetSec Working Group (Clint)
    • Server Certificate Working Group (3 hours with break)
  • Evening event: Wednesday, starting at 7:00 PM. Details, including location, are on the wiki.
  • Day 2:
    • Root program updates
    • Auditor updates (several auditors attending in person)
    • Two guest speakers on Day 2:
      1. Everything DNS and DNSSEC
      2. HSMs and PQC
  • Day 3:
    • IPR
    • Infrastructure
    • Definitions and Glossary
    • Code Signing
    • S/MIME

Email to Questions List

An email received in November regarding CA/Browser Forum improvement proposals was discussed. The email, also forwarded to Dimitris, proposed a complete restructuring of the CA/Browser Forum covering items outside the current charter scope.

Discussion:

  • Several members noted the document appeared to have been generated by an LLM and did not reflect an accurate understanding of the Forum’s context, charter, scope, or history.
  • Consensus: Send a brief acknowledgment indicating the email has been reviewed and noting the misunderstanding of the Forum’s scope.

12. Next Meeting

  • Next plenary call: March 26, 2026
  • Face-to-face: March 12, 2026 (no regular call that week)

13. Adjourn

The meeting was adjourned. Dean thanked all attendees and wished everyone a great day.

Attendees

Adam Folson (IdenTrust), Adam Jones (Microsoft), Adriano Santoni (Actalis S.p.A.), Antti Backman (Telia Company), Ben Wilson (Mozilla), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Dustin Ward (SSL.com), Gurleen Grewal (Google), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Jeanette Snook (Visa), Johnny Reading (GoDaddy), Jozef Nigut (Disig), Jun Okura (Cybertrust Japan), Karolina Ruszczyńska (Asseco Data Systems SA (Certum)), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Li-Chun Chen (Chunghwa Telecom), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Luis Osses (Amazon), Mahua Chaudhuri (Microsoft), Marcelo Silva (Visa), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nome Huang (TrustAsia), Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Sándor Szőke (Microsec), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority)

Latest releases
Server Certificate Requirements
SC095v3: Clean-up 2025 - Apr 2, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.13 - Ballot SMC015v2 - Mar 28, 2026

This ballot introduces requirements that a CA or RA must follow to rely upon a Mobile Drivers License (mDL) to provide evidence for the authentication of individual identity. It allows the use of mDL that conform to ISO/IEC 18013-5 and which may be verified by the CA or RA in conformance with ISO/IEC 18013-7. The CA or RA shall only accept mDL from an Issuing Authority that is legally authorized by the relevant government or jurisdiction to issue driving licenses. The draft also aligns the subsections of 3.2.4.2 (Validation of individual identity) to correspond more closely with those in 3.2.4.1 (Attribute collection of individual identity). It also includes minor editorial corrections. SMC015v2 was updated to remove an additional reference to the superceded ETSI EN 319 403. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ben Wilson (Mozilla) and Scott Rea (eMudhra).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Forum Minutes
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).