The CA/Browser Forum conducts business primarily at the working group level, although voting on a working group charter is by a plenary of the Forum.
Members may propose by ballot the chartering of Working Groups open to participation by Members and Interested Parties. The ballot shall outline the scope of the Working Group’s activities, including deliverables, any limitations, and Working Group expiration date. Details are available in Section 5.3.1 of the Bylaws. Upon approval of the Working Group, its Chair is elected by majority vote of its members (or chosen as otherwise specified in the charter). The Chair then sends an invitation for an initial meeting and seeks participation of eligible Members, Associate Members and Interested Parties (as specified in the charter) with expertise and interest in the Working Group’s subject matter. Working Groups may establish separate list-servs, wikis, and web pages for their communications, but all such separate list-servs must be managed in the same fashion as the Public Mail List.
Working Groups may meet by teleconference or face-to-face meetings. They adopt Final Guidelines and Final Maintenance Guidelines within the scope of their charters and according to the provisions (including voting processes) of their charters. Any Final Guideline or Maintenance Guideline is then posted to the Public Mail List. Final Maintenance Guidelines and new Final Guidelines must pass through a 30-day and 60-day Intellectual Property Rights review period before they are final, however they do not need to be approved by the Forum at large.
All CA/Browser Forum members must meet the membership criteria of at least one Chartered Working Group (CWG). Generally, they must meet the following criteria:
- Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit or ETSI EN 319 411 audit report prepared by a properly-qualified auditor, is a member of a CWG, and that actively issues certificates to end entities, such certificates being treated as valid by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Probationary Member status under Bylaw Sec. 3.3 for a period of time to be designated by the CWG.
- Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of one of the CWGs (Server Certificate WG, Code Signing Certificate Working Group, or S/MIME Certificate Working Group).
- Six-month Probationary Period: For the Server Certificate WG, there is a six-month probationary period for new members. During the probationary period, the applicant organization must attend at least 30% of the Server Certificate WG teleconferences (not counting subcommittee meetings) and at least one face-to-face meeting of the working group (either physically or virtually).
Any individual or organization that does not qualify for voting membership in a chartered working group may participate as an Interested Party.
In addition, the CA/Browser Forum may enter into associate member relationships with other organizations when the Forum determines that maintaining such a relationship will be of benefit to the work of the Forum. Associate membership is defined in section 3.1 of the Forum Bylaws.
Please email “firstname.lastname@example.org” with “Membership Application of [Name of Your Organization]” in the Subject line.
Here are the items that should be provided in all applications:
- a completed IPR Policy Agreement, duly signed by a person with authority to bind the organization. The form may be found here – CAB Forum Agreement for IPR Policy v.1.3. We will accept either a scanned/digitized signature or a digital signature. Our IPR Policy and the IPR Policy Agreement are also found here;
- an indication of the Working Group(s) to which you are applying. At least one working group (Server Certificate WG, Code Signing Certificate Working Group, or S/MIME Certificate Working Group) must be indicated;
- organization name, as you wish it to appear on the Forum website and in official Forum documents;
- the URL of your main website;
- names and email addresses of employees who will participate on Forum mailing lists (full names and nicknames with surnames will be helpful in future communications) and the mailing lists to which they should be subscribed;
- an indication of which of such employees will be authorized to vote on Forum and working group ballots;
- emergency contact information for security issues related to certificate trust lists (email addresses, at least one telephone number, and full names and nicknames with surnames will be helpful in future communications).
Applicants for the Certificate Issuer voting class should also provide:
- written confirmation that your organization is a qualifying Certificate Issuer, as defined in the relevant Working Group Charter;
- the URL of your current qualifying performance audit report; and
- links or references to issued certificates that demonstrate compliance with all applicable certificate, CRL, and OCSP requirements.
For the Server Certificate Working Group, also include:
- the URLs of three web pages that comply with section 2.2 of the TLS Baseline Requirements (respectively secured with a valid, a revoked, and an expired certificate); and
- links or references to an issued end-entity certificate that demonstrates it being treated as valid by a Certificate Consumer Member.
Section 2.1 of our Bylaws requires that your organization “produces software that processes certificates and meets the requirements for membership as a Certificate Consumer in one or more CWGs.” Here are the points that an Applicant for the Certificate Consumer voting class should address in its email to the Forum:
- written confirmation that your organization is a qualifying Certificate Consumer, as defined in the relevant Working Group Charter– for the Server Certificate Working Group, this means additionally:
(1) the URL from which to download its software product intended for use by the general public for browsing the Web securely;
(2) evidence demonstrating that it provides updates for its membership-qualifying software product at least every 6 months;
(3) URL to public documentation requiring Certificate Issuer compliance with the TLS Baseline Requirements;
(4) evidence demonstrating that it meets the requirements of section 3(b)(4);
(5) URL to public documentation explaining which list(s) of CA certificates or public keys, root store(s), or similar mechanisms are used for determining whether a certificate chain is valid and trusted;
(6) URL to public documentation explaining the steps that Certificate Issuers need to take in order to have their CA certificates trusted or distrusted by the membership-qualifying software product; and
(7) URL to public documentation explaining how to contact it regarding violations of the TLS BRs, security incidents, or other issues or concerns related to certificate validation by the membership-qualifying software product.
If there are any questions about the completeness of your application, we will get back to you. Otherwise, once we have received this information, we will make a determination on whether your organization has qualified under these membership criteria and get back to you with more information about your membership and participation.
Our IPR Policy and the IPR Policy Agreement are also found here. If there are any questions about the completeness of your application, we will get back to you. Otherwise, once we have received this information, we will make a determination on whether your organization has qualified under these membership criteria and get back to you with more information about your membership and participation.
For any other questions you may have about membership or participation in the CA/Browser Forum and its Working Groups, please refer to our Bylaws or email ” “.