CAB Forum Certificate Issuers, Certificate Consumers, and Interested Parties Working to Secure the Web
CA/Browser Forum Membership
The CA/Browser Forum conducts business primarily at the working group level, although voting on a working group charter is by a plenary of the Forum.
- Members may propose by ballot the chartering of Working Groups open to participation by Members and Interested Parties. The ballot shall outline the scope of the Working Group’s activities, including deliverables, any limitations, and Working Group expiration date. Details are available in Section 5.3.1 of the Bylaws. Upon approval of the Working Group, its Chair is elected by majority vote of its members (or chosen as otherwise specified in the charter). The Chair then sends an invitation for an initial meeting and seeks participation of eligible Members, Associate Members and Interested Parties (as specified in the charter) with expertise and interest in the Working Group’s subject matter. Working Groups may establish separate list-servs, wikis, and web pages for their communications, but all such separate list-servs must be managed in the same fashion as the Public Mail List.
- Working Groups may meet by teleconference or face-to-face meetings. They adopt Final Guidelines and Final Maintenance Guidelines within the scope of their charters and according to the provisions (including voting processes) of their charters. Any Final Guideline or Maintenance Guideline is then posted to the Public Mail List. Unlike proceedings prior to July 2018, now Final Guidelines and Final Maintenance Guidelines formally adopted by a Working Group do not need to be approved by the Forum at large.
All CA/Browser Forum members must participate in at least one Chartered Working Group (CWG) and meet at least one of the following criteria:
- Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs audit or ETSI EN 319 411-1 or ETSI TS 102 042 or ETSI TS 101 456 audit report prepared by a properly-qualified auditor, is a member of a CWG, and that actively issues certificates to end entities, such certificates being treated as valid by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Sec. 3.1 for a period of time to be designated by the Forum.
- Root Certificate Issuer: The member organization operates a certification authority that has a current and successful WebTrust for CAs, or ETSI EN 319 411-1102042 or ETSI TS 102 042 or ETSI TS 101 456 audit report prepared by a properly-qualified auditor, is a member of a CWG, and that issues certificates to subordinate CAs that, in turn, actively issue certificates to end entities such certificates being treated as valid by a Certificate Consumer Member. Applicants that are not actively issuing certificates but otherwise meet membership criteria may be granted Associate Member status under Bylaw Section 3.1 for a period of time to be designated by the Forum.
- Certificate Consumer: The member organization produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG.
Any individual or organization that does not qualify for any of the above classes of membership may participate as an Interested Party.
In addition, the CA/Browser Forum may enter into associate member relationships with other organizations when the Forum determines that maintaining such a relationship will be of benefit to the work of the Forum. Associate membership is defined in section 3.1 of the Bylaws.
Membership Application:
For CAs Wishing to Join:
Please send an email to ” questions@cabforum.org ” with “Membership Application of [Name of Your Organization]” in the Subject line.
Here are the points you should address in your application:
- (1) written confirmation that you are a qualifying Certificate Issuer or Root Certificate Issuer, as described above;
- (2) organization name, as you wish it to appear on the Forum Web site and in official Forum documents;
- (3) URL of your main Web site;
- (4) Names and email addresses of employees who will participate in the Forum mail list (Full names and nicknames with surnames will be helpful in future communications);
- (5) Emergency contact information for security issues related to certificate trust lists (Email addresses, at least one telephone number, and full names and nicknames with surnames will be helpful in future communications);
- (6) the URL of your current qualifying performance audit report;
- (7) the URL of at least one third party website that includes a certificate issued by the Applicant in the certificate chain;
- (8) links or references to issued certificates that demonstrate compliance with all applicable certificate, CRL, and OCSP requirements; and
- (9) a completed IPR Policy Agreement, found here – CAB Forum Agreement for IPR Policy v.1.3 – we will accept either a scanned/digitized signature or a digital signature. Our IPR Policy and the IPR Policy Agreement are also found here.
- (10) Please indicate the Working Group(s) to which you are applying to join. At least one working group must be indicated. A list of active groups can be found on our website under the “Working Groups” heading / pull-down menu.
- If there are any questions about the completeness of your application, we will get back to you. Otherwise, once we have received this information, we will make a determination on whether your organization has qualified under these membership criteria and get back to you with more information about your membership and participation.
For Certificate Consumer organizations interested in joining:
If you are a creator/publisher of browser software or other software that includes trusted root certificates, you may wish to consider joining the CA/Browser Forum. To begin the process, click here to send an email request.
Our Bylaws require that your organization “produces a software product, such as a browser, intended for use by the general public for relying upon certificates and is a member of a CWG.” Here are the points you should address in your email to the Forum:
- Written confirmation that you meet the above Bylaw requirement
- The organization name, as you wish it to appear on the Forum Web site and in official Forum documents
- The URL of your main Web site
- Names and email addresses of employees who will participate in the Forum mail list (Full names and nicknames with surnames will be helpful in future communications)
- Emergency contact information for security issues related to certificate trust lists (Email addresses, at least one telephone number, and full names and nicknames with surnames will be helpful in future communications), and
- A completed IPR Policy Agreement, CAB Forum Agreement for IPR Policy v.1.3 – we will accept either a scanned/digitized signature or a digital signature.
Our IPR Policy and the IPR Policy Agreement are also found here. If there are any questions about the completeness of your application, we will get back to you. Otherwise, once we have received this information, we will make a determination on whether your organization has qualified under these membership criteria and get back to you with more information about your membership and participation.
For any other questions you may have about membership or participation in the CA/Browser Forum and its Working Groups, please refer to our Bylaws.