CA/Browser Forum
Home » All CA/Browser Forum Posts » 2026-06-18 Minutes of the Forum

2026-06-18 Minutes of the Forum

Minutes:

CA/B Forum plenary Meeting - June 18, 2026

1. Roll Call – from recording

2. Read note-well

The note-well was read by Dimitris in prior session.

3. Review of Agenda

The Agenda as provided on list prior to the call (see above).

4. Minutes

  • June 4, 2026 (Draft minutes were distributed on 2026-06-05) – are Approved

5. Server Certificate Working Group (Dimitris & Stephen)

  • No SCWG held previous slot due to CA presentations

  • Validation SubCommittee:

    • Corey stepping away and Stephen will take over leading the group.
    • Rich’s DNSSEC clarification ballot waiting for SC98 to come out of IPR because that necessitates moving sections around
    • Ballot related to amending EV domain ownership is under discussion, but this might flow into a much needed EVG overhaul.
    • Aaron G’s SC101 to update to v2 updating section 3.2.2.5.3 with effective date
    • Scott is preparing some questions for the list of reliable data sources as per 3.2.2.7.

6. Code Signing Certificate Working Group (Martijn)

  • SCWG Alignment Ballot finally progressed on the 4th attempt. Was sponsored by Corey so we are going to restart the discussion on that – Stephen is taking that on.
  • Karina gave a short intro on KYC and threat intelligence sharing between CAs and Microsoft – more to come in next meeting

7. SMIME Certificate Working Group (Stephen)

  • Ballot in discussion right now adjusting key sizes for certs and CAs that are RSA based. Moving CAs to 4096 minimum and end entities to 3072 minimums.
  • Expected ballot soon for (similar to TLS BRs) the impact of CCADB Policy 6.3 adjustments – SMIME BRs are less prescriptive than TLS BRs in this regards
  • There may be some deviation in synchronicity between SMIME and TLS BRs when it comes to validation because of where such things are located in different sections.

8. NetSec Working Group (Trevoli)

  • Ballot updates were the primary topic of discussion.
  • For Log Storage Ballot, Tim is taking over from Corey.
  • SSL.com introduced an idea of a follow on ballot to the Log Storage that dealt with defining Registration Authorities.

9. Definitions and Glossary Working Group (Polina)

  • Preliminary document has been published for discussion.
  • Once feedback is consolidated, a presentation on the same will be provided and subsequently a ballot will be proposed.

10. Forum Infrastructure SubCommittee (Martijn)

  • No meeting held
  • But there was a posting to the list about the adding of archive to the mailing list so that there is more fuller search capability rather than relying just on Google Groups.

11. IPR Update (Ben)

  • 79 new IPRs have been signed
  • Discussion about getting a better report about progress based on data held

12. Any other business

  • 3 CAs are seeking to present topics at the Fall meeting.
  • Agenda will return to the usual programming for Fall meeting
  • Elections are coming up.
  • Fall meeting details shared – interest in tour of the host building sought, seems something at end of the day can be accommodated.

13. Next Call

Next call is July 2nd, 2026.

14. Meeting Adjournment

Meeting adjourned.

Attendees

Aaron Gable (ISRG), Aaron Poulsen (SSL.com), Andrea Holland (IdenTrust), Antti Backman (Telia Company), Arno Fiedler (ETSI), Atsushi INABA (GlobalSign), Ben Wilson (Mozilla), Chad Dandar (Cisco), Corey Rasmussen (OATI), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Ethan Davis (Google Trust Services), Georgy Sebastian (Amazon Trust Services), Greg Tomko (GlobalSign), Hazhar Ismail (MSC Trustgate), Hogeun Yoo (NAVER Cloud Trust Services), Inigo Barreira (Sectigo), Janet Hines (SSL.com), Jun Okura (Cybertrust), Karina Sirota Goodley (Microsoft), Li-Chun Chen (Chunghwa Telecom), Lilia Dubko (CPA Canada), Logan Mabe (Microsoft), Lucy Buecking (IdenTrust), Luis Osses (Amazon Trust Services), Mahua Chaudhuri (Microsoft), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust), Michelle Coon (OATI), Naresh Charugundla (Microsoft), Nate Smith (GoDaddy), Nome Huang (TrustAsia), ONO Fumiaki (SECOM Trust Systems), Paul van Brouwershaven (Digitorus), Peter Miskovic (Disig), Polina Glazyrina (Sectigo), Rajeev Mohindra (Microsoft), Rebecca Kelley (SSL.com), Rob White (GoDaddy), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Sandy Balzer (SwissSign), Sándor SZŐKE, dr. (Microsec), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM trust Systems), Tobias Josefowitz (Opera), Trevoli Ponds-White (Amazon Trust Services), Wayne Thayer (Fastly), Wendy Brown (FPKIMA), Wiktoria Wieckowska (Certum by Asseco)

Latest releases
Server Certificate Requirements
SC098: Process RFC 8657 CAA Parameters - Jun 16, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.14 - Ballot SMC016 - May 5, 2026

This ballot maintains consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097. Specifically, this ballot: Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope. For audit purposes, change management logging is able to confirm if the appropriate controls are in effect or not. Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs. It is noted that most uses of SHA-1 signatures are already deprecated by SC097. With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked. This proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as currently required by RFC 5019. Includes minor formatting corrections.

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).