CA/Browser Forum posts
Ballot SMC014: DNSSEC for CAA
August 15, 2025 by Stephen DavidsoonBallot SMC014: DNSSEC for CAASummary: New version of the ballot text with minor text changes, restarting discussion period.
August 15, 2025 by Stephen DavidsoonBallot SMC014: DNSSEC for CAASummary: New version of the ballot text with minor text changes, restarting discussion period.
Ballot SC-089: Mass Revocation Planning
July 22, 2025 by Wayne ThayerVoting Results Certificate Issuers 30 votes in total:
July 22, 2025 by Wayne ThayerVoting Results Certificate Issuers 30 votes in total:
2025-07-10 Minutes of the Code Signing Certificate Working Group
July 10, 2025 by Code Signing Certificate Working Group Meeting Minutes – July 10th, 2025Note Well The Note Well was read.
July 10, 2025 by Code Signing Certificate Working Group Meeting Minutes – July 10th, 2025Note Well The Note Well was read.
2025-07-02 Minutes of the S/MIME Certificate Working Group
July 2, 2025 by Minutes of SMCWG July 2, 2025 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
July 2, 2025 by Minutes of SMCWG July 2, 2025 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
Ballot SMC013: Enable PQC Algorithms for S/MIME
July 2, 2025 by Stephen DavidsoonThe Intellectual Property Review (IPR) period for Ballot SMC013 (Enable PQC Algorithms for S/MIME) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of August 22, 2025. The new S/MIME BR v.1.0.11 have been published to the CABF public website in accordance with the Bylaws: https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.11.pdf IPR Review of Ballot SMC013: Enable PQC Algorithms for S/MIME This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email, and may be found at: https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.11-Redline.pdf
July 2, 2025 by Stephen DavidsoonThe Intellectual Property Review (IPR) period for Ballot SMC013 (Enable PQC Algorithms for S/MIME) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of August 22, 2025. The new S/MIME BR v.1.0.11 have been published to the CABF public website in accordance with the Bylaws: https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.11.pdf IPR Review of Ballot SMC013: Enable PQC Algorithms for S/MIME This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email, and may be found at: https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.11-Redline.pdf
2025-06-26 Minutes of the Code Signing Certificate Working Group
June 26, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: June 26, 2025 Note Well The Note Well was read.
June 26, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: June 26, 2025 Note Well The Note Well was read.
Ballot SC-085v2: Require Validation of DNSSEC (when present) for CAA and DCV Lookups
June 18, 2025 by Wayne ThayerVoting Results Certificate Issuers 25 votes in total:
June 18, 2025 by Wayne ThayerVoting Results Certificate Issuers 25 votes in total:
2025-06-12 Minutes of the Code Signing Certificate Working Group
June 12, 2025 by These are the Final Minutes of the CSCWG F2F Meeting as prepared by Brianca Martin. Martijn read the Antitrust statement. Adopted agenda as presented. Discussion topics Discussion Topic: Migration to a single profile Microsoft introduced this topic 1 year ago. Are there specific items that we want to bring to a single profile? Karina from Microsoft: Need to understand where the line is we want to draw. Goal is to keep them closer to EV, uplevel all code signing certificates to keep as much identify/information as we can. Suggestion from Martijn to go through section to indentify each section that needs to be removed. Karina suggested we have an offline discussion to review the fields. Martijn suggested to use GitHub. Send Karina an email if you want to participate in this discussion. Brianca asked what the end goal is or if there is a timeline driving this requirement. Karina - Goal is that every certificate is EV. Bruce from Entrust expressed that EV may not support all subscribers. May have to change the EV rules. Rather than having all EV characteristics they have the Org ID which provides third party information about the subscriber. Consider using another number in the Org ID Karina would like data to understand how many subscribers OV doesn’t work for and why. The average consumer should be able to see who signed the code. Bruce stated that the Non-EV side allows “”, EV does not. Consider eliminating OV for individuals. Document signing required face to face verification, code signing does not. Code signing certificates most to sign malware. Martijn shared a recent example about a reason to include face to face verification. Karina emphasized that she is open to carve outs. Corey shared a DV-style for code signing that may be useful for certificates without an organization. Martijn Corey shared that publicly trusted certificates use “”, we may be able to use that for code signing. Martijn will start a branch on GitHub to start the process. Discussion Topic: Reduction of maximum certificate validity *No updates from Microsoft
June 12, 2025 by These are the Final Minutes of the CSCWG F2F Meeting as prepared by Brianca Martin. Martijn read the Antitrust statement. Adopted agenda as presented. Discussion topics Discussion Topic: Migration to a single profile Microsoft introduced this topic 1 year ago. Are there specific items that we want to bring to a single profile? Karina from Microsoft: Need to understand where the line is we want to draw. Goal is to keep them closer to EV, uplevel all code signing certificates to keep as much identify/information as we can. Suggestion from Martijn to go through section to indentify each section that needs to be removed. Karina suggested we have an offline discussion to review the fields. Martijn suggested to use GitHub. Send Karina an email if you want to participate in this discussion. Brianca asked what the end goal is or if there is a timeline driving this requirement. Karina - Goal is that every certificate is EV. Bruce from Entrust expressed that EV may not support all subscribers. May have to change the EV rules. Rather than having all EV characteristics they have the Org ID which provides third party information about the subscriber. Consider using another number in the Org ID Karina would like data to understand how many subscribers OV doesn’t work for and why. The average consumer should be able to see who signed the code. Bruce stated that the Non-EV side allows “”, EV does not. Consider eliminating OV for individuals. Document signing required face to face verification, code signing does not. Code signing certificates most to sign malware. Martijn shared a recent example about a reason to include face to face verification. Karina emphasized that she is open to carve outs. Corey shared a DV-style for code signing that may be useful for certificates without an organization. Martijn Corey shared that publicly trusted certificates use “”, we may be able to use that for code signing. Martijn will start a branch on GitHub to start the process. Discussion Topic: Reduction of maximum certificate validity *No updates from Microsoft
2025-06-12 Minutes of the S/MIME Certificate Working Group
June 12, 2025 by Minutes of SMCWG June 12, 2025 (Day 3 of F2F #65 in Toronto)
June 12, 2025 by Minutes of SMCWG June 12, 2025 (Day 3 of F2F #65 in Toronto)
Minutes of the F2F 65 Meeting in Toronto, Canada - SCWG, June 11, 2025
June 11, 2025 by Dimitris ZacharopoulosSCWG Minutes on Day 2 Wednesday, 11 June 2025, of the F2F 64 Meeting in Toronto, CanadaAttendance Wayne Thayer (Fastly), Dean Coclin (DigiCert), Tim Callan (Sectigo), Enrico Entschew (D-Trust), Andreas Henschel (D-Trust), JinHwan Shin (Deloitte KOREA), Masatoshi Shigaki (KPMG Japan),, Brian Hsiung (Sunrise CPA), Adam Frock (BDO), Yannick Thomassier (Certinomis), Tadahiko Ito (Secoom), Fumiaki Ono (Secom), Chris Clements (Chrome), Ryan Dickson (Chrome), David Adrian (Chrome), Josselin Allemandou (Certigna), Romain Delval (Certigna), Chad Dandar (Cisco), Ben Wilson (Mozilla), Tim Crawford (WebTrust/BDO), Chris Czajczyc (Deloitte), Scott Rea (wMudhra), Rebecca Kelley (SSL.com), Leo Grove (SSL.com), Luis Cervantes (SSL.com), Eric Cramer (Sectigo), Martijn Katerbarg (Sectigo), Nick France (Sectigo), Henry Lam (Sectigo), Tsung-Min Kuo (Chunghwa Telecom), Jay Wilson (Sectigo), Rob Stradling (Sectigo), Karina Goodley (Microsoft), Lora Randolph (Microsoft), Matthre McPherrin (Let’s Encrypt), Arnold Essing (Telekom Security), David Hsiu (KPMG Taiwan), Christophe Bonjean (Globalsign), Eva Van Steenberge (Globalsign), Gregory Tomko (GlobalSign),, Tim Hollebeek (DigiCert), Brianca Martin (Amazon Trust Services), Trevoli Ponds-White (Amazon Trust Services), Michael Slaughter (Amazon Trust Services), Aaron Poulsen (Amazon Trust Serivices), Jeremy Rowley (DigiCert), John Sarapeta (Google Trust Services),Nicol So (CommScope), Sandy Balzer (SwissSign), Jaime Hablutzel (WISeKey), Atsushi Inaba (Globalsign), Llew Curran (GoDaddy), Rollin Yu (TrustAsia), Jieun Seong (MOIS), Jozef Nigut (Disig), Kateryna Aleksieieva (Certum), Corey Rasmussen (OATI), Michelle Coon (OATI), Kate Xu (TrustAsia), Eric Hampshire (Cisco), Hisashi Kamo (Secom), Steven Diette (GoDaddy), John Mason (Microsoft), Pekka Lahtiharju (Telia), Tobias Josefowitz (Opera), Xiu Lei (GDCA), Aaron Gable (ISRG), Nate Smith (GoDaddy), Quan Nham (Fastly), Huang Nome (TrustAsia), Masaru Sakamoto (Cybertrust Japan), Renne Rodriguez (Apple), Rich Smith (DigiCert), Li-Chun Chen (Chunghwa Telecom), Masaru Sakamoto (CyberTrust Japan), Roman Fischer (SwissSign), Wendy Brown (FPKIMA), Hogeun Yoo (NAVER Cloud), Zurina Zolkaffly (MSC Trustgate), Clemens Wanko (ACAB’c / TUV AUSTRIA), Paul van Brouwershaven (SSL.com), Jos Purvis (Fastly), Eamon Zhang (TrustAsia), Peter Miskovic (Disig), Marco Schambach (IdenTrust), uis Osses (Amazon Trust Services), Matthias Wiedenhorst (ACAB’c), Jun Okura (CyberTrust), Nargis Mannan (VikingCloud), Adrian Mueller (SwissSign), Thanos Vrachnos (SSL.com), Hazhar Ismail (MSC Trustgate), Adriano Santoni (Actalis).
June 11, 2025 by Dimitris ZacharopoulosSCWG Minutes on Day 2 Wednesday, 11 June 2025, of the F2F 64 Meeting in Toronto, CanadaAttendance Wayne Thayer (Fastly), Dean Coclin (DigiCert), Tim Callan (Sectigo), Enrico Entschew (D-Trust), Andreas Henschel (D-Trust), JinHwan Shin (Deloitte KOREA), Masatoshi Shigaki (KPMG Japan),, Brian Hsiung (Sunrise CPA), Adam Frock (BDO), Yannick Thomassier (Certinomis), Tadahiko Ito (Secoom), Fumiaki Ono (Secom), Chris Clements (Chrome), Ryan Dickson (Chrome), David Adrian (Chrome), Josselin Allemandou (Certigna), Romain Delval (Certigna), Chad Dandar (Cisco), Ben Wilson (Mozilla), Tim Crawford (WebTrust/BDO), Chris Czajczyc (Deloitte), Scott Rea (wMudhra), Rebecca Kelley (SSL.com), Leo Grove (SSL.com), Luis Cervantes (SSL.com), Eric Cramer (Sectigo), Martijn Katerbarg (Sectigo), Nick France (Sectigo), Henry Lam (Sectigo), Tsung-Min Kuo (Chunghwa Telecom), Jay Wilson (Sectigo), Rob Stradling (Sectigo), Karina Goodley (Microsoft), Lora Randolph (Microsoft), Matthre McPherrin (Let’s Encrypt), Arnold Essing (Telekom Security), David Hsiu (KPMG Taiwan), Christophe Bonjean (Globalsign), Eva Van Steenberge (Globalsign), Gregory Tomko (GlobalSign),, Tim Hollebeek (DigiCert), Brianca Martin (Amazon Trust Services), Trevoli Ponds-White (Amazon Trust Services), Michael Slaughter (Amazon Trust Services), Aaron Poulsen (Amazon Trust Serivices), Jeremy Rowley (DigiCert), John Sarapeta (Google Trust Services),Nicol So (CommScope), Sandy Balzer (SwissSign), Jaime Hablutzel (WISeKey), Atsushi Inaba (Globalsign), Llew Curran (GoDaddy), Rollin Yu (TrustAsia), Jieun Seong (MOIS), Jozef Nigut (Disig), Kateryna Aleksieieva (Certum), Corey Rasmussen (OATI), Michelle Coon (OATI), Kate Xu (TrustAsia), Eric Hampshire (Cisco), Hisashi Kamo (Secom), Steven Diette (GoDaddy), John Mason (Microsoft), Pekka Lahtiharju (Telia), Tobias Josefowitz (Opera), Xiu Lei (GDCA), Aaron Gable (ISRG), Nate Smith (GoDaddy), Quan Nham (Fastly), Huang Nome (TrustAsia), Masaru Sakamoto (Cybertrust Japan), Renne Rodriguez (Apple), Rich Smith (DigiCert), Li-Chun Chen (Chunghwa Telecom), Masaru Sakamoto (CyberTrust Japan), Roman Fischer (SwissSign), Wendy Brown (FPKIMA), Hogeun Yoo (NAVER Cloud), Zurina Zolkaffly (MSC Trustgate), Clemens Wanko (ACAB’c / TUV AUSTRIA), Paul van Brouwershaven (SSL.com), Jos Purvis (Fastly), Eamon Zhang (TrustAsia), Peter Miskovic (Disig), Marco Schambach (IdenTrust), uis Osses (Amazon Trust Services), Matthias Wiedenhorst (ACAB’c), Jun Okura (CyberTrust), Nargis Mannan (VikingCloud), Adrian Mueller (SwissSign), Thanos Vrachnos (SSL.com), Hazhar Ismail (MSC Trustgate), Adriano Santoni (Actalis).