CA/Browser Forum
Home » All CA/Browser Forum Posts » 2026-04-23 Minutes of the Forum

2026-04-23 Minutes of the Forum

Minutes:

Final Minutes for CA/B Forum Plenary Meeting - April 23, 2026

Attendees

Aaron Gable (ISRG), Adam Folsom (IdenTrust), Antti Backman (Telia Company), Antti Backman (Telia Company), Antti Backman (Telia Company), Antti Backman (Telia Company), Atsushi INABA (GlobalSign), Ben Wilson (Mozilla), Benjamin (ChungHwa Telecom), Chris Clements (Google Chrome), Clint Wilson (Apple), Corey Bonnell (DigiCert), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Enrico Entschew (D-Trust), Greg Tomko (GlobalSign), Gurleen Grewal (GTS), Hazhar Ismail (MSC Trustgate), Hogeun Yoo (NAVER Cloud Trust Services), Inigo Barreira (Sectigo), Jaime Hablutzel (WISekey), Janet Hines (SSL.com), Jeff Ward (Aprio), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Jun Okura (Cybertrust), Karolina Ruszczynska (Certum), Kateryna Aleksieieva (Certum by Asseco), Lilia Dubko (CPA Canada), Lucy Buecking (IdenTrust), Luis Osses (Amazon Trust Services), Mahua Chaudhuri (Microsoft), Martijn Katerbarg (Sectigo), Matthew McPherrin (ISRG), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nate Smith (GoDaddy), Nome Huang (TrustAsia), ONO Fumiaki (SECOM), Peter Miskovic (Disig), Rob White (GoDaddy), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Sándor Szöke (Microsec), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko ITO (SECOM), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera), Trevoli Ponds-White (Amazon Trust Services), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly)

Begin Recording - Roll Call

Recording previously started before Server Certificate Working Group meeting

Read note-well

Dimitris read the note-well

Review of Agenda

Addition of the February 26 minutes to the agenda.

Approval of Minutes

  • February 26, 2026 minutes approved without objection
  • F2F#67 March 10, 2026 minutes also approved
  • April 9 minutes not submitted

Server Certificate Working Group update (Wayne)

Pretty standard call, went through the agenda and ballots. Nothing out of the ordinary.

Validation (Corey)

  • Aaron gave a brief update on the ADN improvement ballot - good discussion; looks like it’s getting finalized
  • Dustin has a proposal for improving EV guidelines around proof of domain ownership, has endorsers and is moving forward.
  • Splitting out of DNS based validation (Method 7) and the ACME DNS 01 method into their own number. Backlogged for now.

Code Signing (Martijn)

  • Adriano’s ballot requiring platform field in subscriber certificates has two endorsers, ready to proceed
  • Awaiting on Microsoft ballots, no progress

S/MIME (Stephen)

  • SMC016 (TLSBR consistency) exits IPR May 1, 2026
  • New ballot imminent: RSA key size increase to 4096 bits for root/intermediate CAs, effective September 2026 for new CAs with a cessation of new issuance on the old CA occuring in September 2027
  • Apple conducting survey on real-world S/MIME issuance practices to refine requirements

NetSec Working Group update (Clint)

  • Discussed certificate system definition changes from NS008 ballot; will continue to work on clearer definitions
  • Reviewed Corey’s ballot updates
  • Identified overlap between TLSBR audit logging requirements and NCSSR network boundary control definitions; will escalate to Server Cert WG
  • Discussed delegated third parties vs. third-party environments (cloud/data centers) and shared responsibility models; no concrete conclusions

Definitions & Glossary (Tim C.)

  • Hoping to have something next meeting

Forum Infrastructure

  • No Meeting; No Update

Any Other Business

IPR Update

Time is running out; get the document signed and submitted before June 1.

Fall Face-to-Face

  • Flexibility approved for moving meeting to September 23-25 (Wednesday-Friday) if preferred Vienna venue requires the shift; Scott will communicate any changes if/when they are confirmed
  • Dean encourages CAs to consider submitting presentations for the upcoming meeting and to suggest guest speakers on relevant topics - any topic related to this industry is acceptable

Adjourn

Next meeting: May 7, 2026

Latest releases
Server Certificate Requirements
SC098: Process RFC 8657 CAA Parameters - Jun 16, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.14 - Ballot SMC016 - May 5, 2026

This ballot maintains consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097. Specifically, this ballot: Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope. For audit purposes, change management logging is able to confirm if the appropriate controls are in effect or not. Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs. It is noted that most uses of SHA-1 signatures are already deprecated by SC097. With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked. This proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as currently required by RFC 5019. Includes minor formatting corrections.

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).