CA/Browser Forum posts
Ballot SC095v3: Clean-up 2025
February 27, 2026 by Wayne ThayerVoting Results Certificate Issuers 24 votes in total:
February 27, 2026 by Wayne ThayerVoting Results Certificate Issuers 24 votes in total:
2026-02-12 Minutes of the Server Certificate Working Group
February 12, 2026 by Wayne ThayerMinutes: Notes by: Janet Hines (VikingCloud) Begin Recording - Roll Call Read note-well Note-well was read by Dimitris
February 12, 2026 by Wayne ThayerMinutes: Notes by: Janet Hines (VikingCloud) Begin Recording - Roll Call Read note-well Note-well was read by Dimitris
2026-01-29 Minutes of the Server Certificate Working Group
January 29, 2026 by Wayne ThayerMinutes: Minutes by Jos Purvis (Fastly) I. Meeting Logistics Dimitris read the note-well. No changes were requested for the agenda. The minutes from the 15 January meeting were approved without changes. II. Membership Applications The membership application of Santosh Pandit as an individual interested party was reviewed and approved without objection. III. Ballots The cleanup ballot currently in its discussion period was reviewed. Kateryna Aleksieieva (Certum) indicated there were no updates on the ballot status, but they hoped to have it completed in January. There are 3 ballots currently in IPR: SC 94, 96, and 97. Ballots 94 and 96 will end their IPR periods on the same day; Dimitris asked the group for guidance on how to treat the release of red-lines and final guidelines for each ballot — whether to release separate versions of the BRs or a single version comparing the two. Corey Bonnell (Digicert) pointed out that this happened a few years ago in the Code-Signing working group and they elected to release each ballot separately, meaning the first ballot had an effective period of about fifteen minutes before the second ballot also took effect. Dimitris pointed out that the table for effective dates doesn’t include timestamps, just dates, so he was thinking of applying a similar approach but separated by a day. The group indicated that would be fine but there was no particular concern with doing separate releases but having both ballots’ effective dates be the same day. Dimitris listed 5 ballots currently under consideration. Corey indicated he had made some changes around dates in SC87 (registration number improvement for EV certificates), updated the PR, and verified the new copy with the current endorsers. Once the endorsers have indicated consent to the changes, he’ll be proceeding with moving this into discussion and formal balloting in the next few weeks. Aaron Gable (ISRG) offered an update on the ballot for cleanups to ADNC names. The significant topic the Validation Subcommittee discussed was the difference between re-using a validation for the applied-for FQDN (which is what the BRs discuss today) versus re-using a validation for the actually-validated ADN (which is what the new version of the BRs included). Aaron and Jacob are preparing an email to update the community on the changes and updates the ballot proposes and hopes to have that out prior to the next Validation Subcommittee meeting. Martijn Katerbarg (Sectigo) is leading the ballot improving CPRs and clarifying revocation: there were no updates on that ballot’s progress. Clint Wilson (Apple) is leading the ballot now numbered SC93. Clint said there’s an excellent comment on the ballot pull request from GTS outlining their thoughts and concerns around the ballot. Clint asked the community for further discussion on whether the ballot offered sufficient value in comparison to cost to advance or should be approached via a different route. Finally, Dimitris reviewed the ballot for an updated timeline for errors affecting CP/CPS deviations. He indicated he had reached out to a few members to get feedback and discussion around the ballot but had not received much back, and would likely add this to discussion at the upcoming face-to-face meeting. IV. Discussion Items — Current Business Ballot Number Allocations Dimitris articulated the concerns around ballot numbering, which currently follows an informal process to allocate ballot numbers. At the moment, the process indicates a ballot number should be assigned once a ballot has achieved some consensus and attached two endorsers; he noted, however, that it’s much easier to have discussions around proposed ballots with a number attached to them for clarity of reference. He also indicated concerns with the currently pending ballot SC93, which has adopted that number from this process, but then leaves a gap in ballot numbers that might need to be accounted for in some way. Aaron concurred that it was easier to refer to a ballot if there were a number assigned; Jos pointed out that in the past this had resulted in numbering gaps that then generated questions later about what happened to those numbers that were skipped. Jos proposed a different solution in which we used SC- in order to create a convenient “handle” for the ballot that didn’t interfere with numbering. Ben Wilson (Mozilla) felt we should keep the current system as it is, and said if a ballot were abandoned once it reached the discussion stage it was relatively easy to note that in the historical record; he also pointed out that a ballot doesn’t need to be in its final form for someone to endorse it. Aaron suggested using the pull-request number for naming draft ballots. Tim Callan (Sectigo) pointed out that if we took the approach of encouraging “early endorsers” we might see people voting no on a ballot they endorsed initially because of the changes since they endorsed it; the group felt it was important in that case to emphasize there was no stigma attached to withdrawing endorsement of a ballot or voting no on a ballot previously endorsed. Dimitris summarized the discussion and encouraged further discussion around this on future calls. The next topic was volunteers around minute-taking. Dimitris explained the rotation system currently in use for minute-takers, and asked that people reach out to him to be added to or removed from the list of minute-takers. V. New Business There were no new-business items from the group. Dimitris adjourned the meeting, noting the next meeting would be 12 February.
January 29, 2026 by Wayne ThayerMinutes: Minutes by Jos Purvis (Fastly) I. Meeting Logistics Dimitris read the note-well. No changes were requested for the agenda. The minutes from the 15 January meeting were approved without changes. II. Membership Applications The membership application of Santosh Pandit as an individual interested party was reviewed and approved without objection. III. Ballots The cleanup ballot currently in its discussion period was reviewed. Kateryna Aleksieieva (Certum) indicated there were no updates on the ballot status, but they hoped to have it completed in January. There are 3 ballots currently in IPR: SC 94, 96, and 97. Ballots 94 and 96 will end their IPR periods on the same day; Dimitris asked the group for guidance on how to treat the release of red-lines and final guidelines for each ballot — whether to release separate versions of the BRs or a single version comparing the two. Corey Bonnell (Digicert) pointed out that this happened a few years ago in the Code-Signing working group and they elected to release each ballot separately, meaning the first ballot had an effective period of about fifteen minutes before the second ballot also took effect. Dimitris pointed out that the table for effective dates doesn’t include timestamps, just dates, so he was thinking of applying a similar approach but separated by a day. The group indicated that would be fine but there was no particular concern with doing separate releases but having both ballots’ effective dates be the same day. Dimitris listed 5 ballots currently under consideration. Corey indicated he had made some changes around dates in SC87 (registration number improvement for EV certificates), updated the PR, and verified the new copy with the current endorsers. Once the endorsers have indicated consent to the changes, he’ll be proceeding with moving this into discussion and formal balloting in the next few weeks. Aaron Gable (ISRG) offered an update on the ballot for cleanups to ADNC names. The significant topic the Validation Subcommittee discussed was the difference between re-using a validation for the applied-for FQDN (which is what the BRs discuss today) versus re-using a validation for the actually-validated ADN (which is what the new version of the BRs included). Aaron and Jacob are preparing an email to update the community on the changes and updates the ballot proposes and hopes to have that out prior to the next Validation Subcommittee meeting. Martijn Katerbarg (Sectigo) is leading the ballot improving CPRs and clarifying revocation: there were no updates on that ballot’s progress. Clint Wilson (Apple) is leading the ballot now numbered SC93. Clint said there’s an excellent comment on the ballot pull request from GTS outlining their thoughts and concerns around the ballot. Clint asked the community for further discussion on whether the ballot offered sufficient value in comparison to cost to advance or should be approached via a different route. Finally, Dimitris reviewed the ballot for an updated timeline for errors affecting CP/CPS deviations. He indicated he had reached out to a few members to get feedback and discussion around the ballot but had not received much back, and would likely add this to discussion at the upcoming face-to-face meeting. IV. Discussion Items — Current Business Ballot Number Allocations Dimitris articulated the concerns around ballot numbering, which currently follows an informal process to allocate ballot numbers. At the moment, the process indicates a ballot number should be assigned once a ballot has achieved some consensus and attached two endorsers; he noted, however, that it’s much easier to have discussions around proposed ballots with a number attached to them for clarity of reference. He also indicated concerns with the currently pending ballot SC93, which has adopted that number from this process, but then leaves a gap in ballot numbers that might need to be accounted for in some way. Aaron concurred that it was easier to refer to a ballot if there were a number assigned; Jos pointed out that in the past this had resulted in numbering gaps that then generated questions later about what happened to those numbers that were skipped. Jos proposed a different solution in which we used SC- in order to create a convenient “handle” for the ballot that didn’t interfere with numbering. Ben Wilson (Mozilla) felt we should keep the current system as it is, and said if a ballot were abandoned once it reached the discussion stage it was relatively easy to note that in the historical record; he also pointed out that a ballot doesn’t need to be in its final form for someone to endorse it. Aaron suggested using the pull-request number for naming draft ballots. Tim Callan (Sectigo) pointed out that if we took the approach of encouraging “early endorsers” we might see people voting no on a ballot they endorsed initially because of the changes since they endorsed it; the group felt it was important in that case to emphasize there was no stigma attached to withdrawing endorsement of a ballot or voting no on a ballot previously endorsed. Dimitris summarized the discussion and encouraged further discussion around this on future calls. The next topic was volunteers around minute-taking. Dimitris explained the rotation system currently in use for minute-takers, and asked that people reach out to him to be added to or removed from the list of minute-takers. V. New Business There were no new-business items from the group. Dimitris adjourned the meeting, noting the next meeting would be 12 February.
Ballot SC097: Sunset all remaining use of SHA-1 signatures in Certificates and CRLs
January 24, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
January 24, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
2026-01-15 Minutes of the Forum
January 15, 2026 by Martijn KaterbargMinutes: Begin Recording - Roll Call Read note-well Note read by Dimitris in the SCWG call
January 15, 2026 by Martijn KaterbargMinutes: Begin Recording - Roll Call Read note-well Note read by Dimitris in the SCWG call
2026-01-15 Minutes of the Server Certificate Working Group
January 15, 2026 by Wayne ThayerMinutes: Begin Recording - Roll Call Recording started
January 15, 2026 by Wayne ThayerMinutes: Begin Recording - Roll Call Recording started
Ballot SC094v2: DNSSEC exception in email DCV methods
January 15, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
January 15, 2026 by Wayne ThayerVoting Results Certificate Issuers 26 votes in total:
Ballot SC096: Carve-out for DNSSEC verification logging requirements
January 14, 2026 by Wayne ThayerVoting Results Certificate Issuers 27 votes in total:
January 14, 2026 by Wayne ThayerVoting Results Certificate Issuers 27 votes in total:
Ballot SMC015v2: Allow mDL for authentication of individual identity
January 10, 2026 by Stephen Davidsoon[IPR Review] Ballot SMC015v2: Allow mDL for authentication of individual identityThis Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email, and may be found at: https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.13-Redline.pdf. Summary of Review Ballot for Review: Ballot SMC015v2: Allow mDL for authentication of individual identity
January 10, 2026 by Stephen Davidsoon[IPR Review] Ballot SMC015v2: Allow mDL for authentication of individual identityThis Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email, and may be found at: https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.13-Redline.pdf. Summary of Review Ballot for Review: Ballot SMC015v2: Allow mDL for authentication of individual identity
2025-12-18 Minutes of the Forum
December 18, 2025 by Final Minutes for CA/B Forum Plenary Meeting 2025-12-18Minutes: Opening: Dean Coclin (DigiCert) confirmed the recording was on and the Notewell was read. Attendance was taken. Minutes from December 4th were not yet released and would be addressed with Eva. Working Group Updates: Server Certificate Working Group: Dimitris Zacharopoulos (HARICA) provided an update: The WG reviewed open issues on GitHub, with many being incorporated into the cleanup ballot. Discussions led to progress and consensus on a path forward for several issues. Wayne Thayer (Fastly) provided an update on the previous Validation Subcommittee meeting. They continued discussion on Jacob Hoffman Andrew’s pull request to update the definition of ADN, which involves substantial changes to section 3.2.2.4 and is moving in the right direction. In that call, Clint also proposed a ballot regarding the use of RDAP in the EV Guidelines, as the guidelines only specified WHOIS. The conclusion was that since the definition of WHOIS includes the RDAP protocol in the Baseline Requirements, only a clarification was needed, and this would be added to the cleanup ballot. Code Signing Certificate Working Group: Martijn Katerbarg (Sectigo) reported a short call last week with limited participants, so there was no significant update. He hoped for more traction next year. S/MIME Certificate Working Group: Martijn Katerbarg (Sectigo) reported on the previous month’s call where the main topic was client authentication for SMTP servers. It was unclear if there was an impact on the ecosystem or if it slightly overlapped with the Server Certificate WG. No real details were decided on the direction for this topic. NetSec Working Group: No update. Definitions and Glossary Working Group: No update. Forum Infrastructure Subcommittee: Ben Wilson (Mozilla) stated that there had not been a call recently, so there was no update. Any Other Business: Dean Coclin (DigiCert) mentioned he received feedback on his proposal for a Member Emeritus category. He acknowledged the concerns and will come up with an alternative, providing an update after the new year. January 1st Meeting Cancellation: Dean Coclin (DigiCert) explained that he had attempted to cancel the 2026-01-01 meeting in the Webex account, but it had disappeared from the Webex portal, though it might still show on attendees’ calendars. He asked anyone with the invite on their calendar for 2026-01-01 to please delete it, as the meeting is not happening. Dimitris Zacharopoulos (HARICA) suggested adjusting recurring meeting dates, and Ben Wilson (Mozilla) speculated it might have been created before the CA/B Forum Webex account. Dean Coclin (DigiCert) also provided an update on the F2F Meeting in Houston, TX, from 2026-03-10 to 2026-03-12. Arrangements are progressing, and he encouraged attendees to register. Next Call & Adjournment: The next call will be on 2026-01-15. Dean Coclin (DigiCert) wished everyone a Happy New Year, Merry Christmas, and happy holidays, then adjourned the meeting. Attendees:
December 18, 2025 by Final Minutes for CA/B Forum Plenary Meeting 2025-12-18Minutes: Opening: Dean Coclin (DigiCert) confirmed the recording was on and the Notewell was read. Attendance was taken. Minutes from December 4th were not yet released and would be addressed with Eva. Working Group Updates: Server Certificate Working Group: Dimitris Zacharopoulos (HARICA) provided an update: The WG reviewed open issues on GitHub, with many being incorporated into the cleanup ballot. Discussions led to progress and consensus on a path forward for several issues. Wayne Thayer (Fastly) provided an update on the previous Validation Subcommittee meeting. They continued discussion on Jacob Hoffman Andrew’s pull request to update the definition of ADN, which involves substantial changes to section 3.2.2.4 and is moving in the right direction. In that call, Clint also proposed a ballot regarding the use of RDAP in the EV Guidelines, as the guidelines only specified WHOIS. The conclusion was that since the definition of WHOIS includes the RDAP protocol in the Baseline Requirements, only a clarification was needed, and this would be added to the cleanup ballot. Code Signing Certificate Working Group: Martijn Katerbarg (Sectigo) reported a short call last week with limited participants, so there was no significant update. He hoped for more traction next year. S/MIME Certificate Working Group: Martijn Katerbarg (Sectigo) reported on the previous month’s call where the main topic was client authentication for SMTP servers. It was unclear if there was an impact on the ecosystem or if it slightly overlapped with the Server Certificate WG. No real details were decided on the direction for this topic. NetSec Working Group: No update. Definitions and Glossary Working Group: No update. Forum Infrastructure Subcommittee: Ben Wilson (Mozilla) stated that there had not been a call recently, so there was no update. Any Other Business: Dean Coclin (DigiCert) mentioned he received feedback on his proposal for a Member Emeritus category. He acknowledged the concerns and will come up with an alternative, providing an update after the new year. January 1st Meeting Cancellation: Dean Coclin (DigiCert) explained that he had attempted to cancel the 2026-01-01 meeting in the Webex account, but it had disappeared from the Webex portal, though it might still show on attendees’ calendars. He asked anyone with the invite on their calendar for 2026-01-01 to please delete it, as the meeting is not happening. Dimitris Zacharopoulos (HARICA) suggested adjusting recurring meeting dates, and Ben Wilson (Mozilla) speculated it might have been created before the CA/B Forum Webex account. Dean Coclin (DigiCert) also provided an update on the F2F Meeting in Houston, TX, from 2026-03-10 to 2026-03-12. Arrangements are progressing, and he encouraged attendees to register. Next Call & Adjournment: The next call will be on 2026-01-15. Dean Coclin (DigiCert) wished everyone a Happy New Year, Merry Christmas, and happy holidays, then adjourned the meeting. Attendees: