CA/Browser Forum

2026-05-07 Minutes of the Server Certificate Working Group

Minutes:

Meeting Title: CA/Browser Forum SCWG Teleconference

Date: 7 May 2026

Chair: Dimitris Zacharopoulos

Minutes Taken By: Lynn Jeun

1. Begin Recording - Roll Call

Meeting called to order by Dimitris Zacharopoulos.

2. Reading of Note-well

Dimitris read the note-well.

3. Review of Agenda

No changes

4. Minutes approval

March 10, 2026 F2F#67 SCWG Meeting - Approved

April 9, 2026 Teleconference – Draft minutes have not been distributed yet

April 23, 2026 Teleconference - Draft minutes have not been distributed yet

5. Membership applications

No application

6. Ballot Status

In Voting Period

  • SC098v2: Process RFC 8657 CAA Parameters (End of voting: May 11)

Under IPR Review

  • SC099: Improve Recording of Validation Method (IPR Review ends 2026-05-18 18:00:00 UTC)

Cleared IPR Review, New Guidelines

  • SC095: Clean-up 2025 (EV Guidelines version 2.0.2 with effective date 2026-05-04 to be published)

Draft / Under Consideration

  • SC087: Registration Number Improvement for EV Certificates - Corey resolved all cleanup ballot merge conflicts, adjusted the effective date to avoid a validation cliff, confirmed alignment with endorsers, and plans to start the discussion period by Monday.
  • SC101: Clarify Authorization Domain Names – No update
  • SC0XX: Improve Certificate Problem Reports and Clarify the Meaning of Revocation – No update
  • SC0XX: Allow ML-DSA (PR#622, PR#624)
    • Corey noted differences between the two proposals and emphasized the need to align them and clarify overall motivation.
    • Dimitris expressed preference for a more flexible approach in algorithm handling.
    • Chris raised concerns about unclear justification and highlighted risks to the Certificate Transparency (CT) ecosystem, especially scalability impacts.
    • Martijn warned that larger ML-DSA signatures could significantly strain CT log infrastructure.
    • Trevoli Ponds questioned whether CT-related constraints should influence Baseline Requirements decisions.
    • Participants noted uncertainty around the Microsoft pilot program and overall ecosystem readiness.
    • Further discussion is required to clarify motivation, address CT concerns, and gather additional input (including Microsoft feedback) before proceeding.

7. Any other business

8. Next call: May 21, 2026

9. Adjourn

Attendees

Aaron Poulsen (SSL.com), Adriano Santoni (Actalis), Andrea Holland (IdenTrust), Atsushi INABA (GlobalSign), Ben (Chunghwa Telecom), Ben Wilson (Mozilla), Chad Dandar, Chris Clements (Google Chrome), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Cynetheia Brown (FPKIMA), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback, Eric Kramer (Sectigo), Georgy Sebastian (Amazon Trust Services), Greg Tomko (GlobalSign), Hazhar Ismail (MSC Trustgate), Hogeun Yoo (NAVER CLOUD), Inigo Barreira (Sectigo), Janet Hines (SSL.com), Jeff Ward (Aprio), Johnny Reading (GoDaddy), John Mason (Microsoft Corp), Jos Purvis (Fastly), Jun Okura (Cybertrust), Karolina Ruszczynska (Certum), Kateryna Aleksieieva (Certum by Asseco), Kiran Tummala (Microsoft), kiran Tummlala (Apple), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Luis Osses (Amazon Trust Services), Mahua Chaudhuri (Microsoft), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (ISRG), Michael Slaughter (Amazon Trust Services), Michelle Coon (OATI), Miguel Sanchez (GTS), Nate Smith (GoDaddy), Nome Huang (TrustAsia), ONO Fumiaki (SECOM Trust Systems), Paul van Brouwershaven (Digitorus), Peter Miskovic (Disig), Rebecca Kelley (SSL.com), Rich Smith (DigiCert), Rob White (GoDaddy), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Sándor SZŐKE, dr. (Microsec), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tadahiko ITO (SECOM), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera), Trevoli Ponds-White (Amazon Trust Services), Tsung-Min Kuo (Chunghwa Telecom), wendy brown (FPKIMA).

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).