CA/Browser Forum posts
2025-12-11 Minutes of the Code Signing Certificate Working Group
December 11, 2025 by Code Signing Working Group – Meeting MinutesDate: 11 December 1. Antitrust Reminder (Note Well) The Note Well was read
December 11, 2025 by Code Signing Working Group – Meeting MinutesDate: 11 December 1. Antitrust Reminder (Note Well) The Note Well was read
2025-12-04 Minutes of the Forum
December 4, 2025 by Final Minutes of CA/B Forum meeting December 4, 2025 Approval of minutes: November 6th minutes: approved F2F minutes: approved Server Certificate Working Group update (Dimitris): Summary of November 20th meetings. Basically: summary of the ballots, not much progress. Validation: no meeting last week. Code Signing Certificate Working Group update (Martijn): no updates. Next meeting next week. S/MIME Certificate Working Group update (Stephen): invited guests. SMIME BR has made improvement over time in the security of the ecosystem. Additional study: relatively high occurrence of key-reuse. Topic for 2026. Number of ballots for the new year, relating to pseudonyms and mobile driver licenses. Upcoming discussions: SMTP to SMTP, close enough to SMIME to find out what the problem is. Next steps to be determined. NetSec Working Group update (Clint): Not much discussion on the re-write, but next steps on cloud services. Very specific use cases, implementation guidance. No specific driver for that though. Definitions and Glossary Working Group (Tim H.): Waiting for resource to become available. Forum Infrastructure Subcommittee update (Jos): No update. Membership tools are down at the moment. This may delay sending out emails of recordings and minutes, just the automated ones. Any Other Business: Proposal for new Membership category. Action to put in a ballot – will put a draft ballot forward in the next week. Next call: Dec 18, 2025 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adriano Santoni (Actalis S.p.A.), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Chad Dandar (Cisco Systems), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Cynethia Brown (US Federal PKI Management Authority), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Eva Vansteenberge (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Jeanette Snook (Visa), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jun Okura (Cybertrust Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yamian Quintero (Microsoft)
December 4, 2025 by Final Minutes of CA/B Forum meeting December 4, 2025 Approval of minutes: November 6th minutes: approved F2F minutes: approved Server Certificate Working Group update (Dimitris): Summary of November 20th meetings. Basically: summary of the ballots, not much progress. Validation: no meeting last week. Code Signing Certificate Working Group update (Martijn): no updates. Next meeting next week. S/MIME Certificate Working Group update (Stephen): invited guests. SMIME BR has made improvement over time in the security of the ecosystem. Additional study: relatively high occurrence of key-reuse. Topic for 2026. Number of ballots for the new year, relating to pseudonyms and mobile driver licenses. Upcoming discussions: SMTP to SMTP, close enough to SMIME to find out what the problem is. Next steps to be determined. NetSec Working Group update (Clint): Not much discussion on the re-write, but next steps on cloud services. Very specific use cases, implementation guidance. No specific driver for that though. Definitions and Glossary Working Group (Tim H.): Waiting for resource to become available. Forum Infrastructure Subcommittee update (Jos): No update. Membership tools are down at the moment. This may delay sending out emails of recordings and minutes, just the automated ones. Any Other Business: Proposal for new Membership category. Action to put in a ballot – will put a draft ballot forward in the next week. Next call: Dec 18, 2025 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adriano Santoni (Actalis S.p.A.), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Chad Dandar (Cisco Systems), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Cynethia Brown (US Federal PKI Management Authority), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Eva Vansteenberge (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Jeanette Snook (Visa), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jun Okura (Cybertrust Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yamian Quintero (Microsoft)
2025-12-04 Minutes of the Server Certificate Working Group
December 4, 2025 by Wayne Thayer1. Roll Call and Housekeeping Roll Call from Webex. Technical issues with membership tool is being worked on. Manual capturing attendance. Comment by Martijn Katerbarg (Sectigo) that it will be auto-run.
December 4, 2025 by Wayne Thayer1. Roll Call and Housekeeping Roll Call from Webex. Technical issues with membership tool is being worked on. Manual capturing attendance. Comment by Martijn Katerbarg (Sectigo) that it will be auto-run.
2025-12-03 Minutes of the S/MIME Certificate Working Group
December 3, 2025 by Minutes of SMCWG December 3, 2025 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
December 3, 2025 by Minutes of SMCWG December 3, 2025 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2025-11-20 Minutes of the Forum
November 20, 2025 by Minutes for CA/B Forum Plenary Teleconference 2025-11-06Minutes Meeting minutes for November 6th were approved. Dean said that the summer F2F meetings for the next few years have been cancelled.
November 20, 2025 by Minutes for CA/B Forum Plenary Teleconference 2025-11-06Minutes Meeting minutes for November 6th were approved. Dean said that the summer F2F meetings for the next few years have been cancelled.
2025-11-20 Minutes of the Server Certificate Working Group
November 20, 2025 by Wayne ThayerDimitris read the note well. Meeting minutes for November 6th were approved. Dimitris provided the current ballot status (as indicated in agenda). The status for ballots under consideration was provided by various members:
November 20, 2025 by Wayne ThayerDimitris read the note well. Meeting minutes for November 6th were approved. Dimitris provided the current ballot status (as indicated in agenda). The status for ballots under consideration was provided by various members:
Ballot SC-090: Gradually sunset all remaining email-based, phone-based, and ‘crossover’ validation methods from Sections 3.2.2.4 and 3.2.2.5
November 20, 2025 by Wayne ThayerVoting Results Certificate Issuers 27 votes in total:
November 20, 2025 by Wayne ThayerVoting Results Certificate Issuers 27 votes in total:
Ballot CSC-31: Maximum Validity Reduction
November 17, 2025 by The Intellectual Property Review (IPR) period for Ballot CSC-31 (Ballot CSC-31: Maximum Validity Reduction) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of November 17, 2025. The new CSC BRs v3.10.0 have been published to the CABF public website in accordance with the Bylaws: https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.10.0.pdf IPR Review of Ballot CSC-31: Maximum Validity Reduction This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email.
November 17, 2025 by The Intellectual Property Review (IPR) period for Ballot CSC-31 (Ballot CSC-31: Maximum Validity Reduction) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of November 17, 2025. The new CSC BRs v3.10.0 have been published to the CABF public website in accordance with the Bylaws: https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.10.0.pdf IPR Review of Ballot CSC-31: Maximum Validity Reduction This Review Notice is sent pursuant to Section 4.1 of the CA/Browser Forum’s Intellectual Property Rights Policy (v1.3). This Review Period of 30 days is for one Final Maintenance Guidelines. The complete Draft Maintenance Guideline that is the subject of this Review Notice is attached to this email.
2025-11-13 Minutes of the Code Signing Certificate Working Group
November 13, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: November 13, 2025 Note Well Inigo read the Note Well
November 13, 2025 by Certificate Signing Certificate Working Group (CSCWG) – Meeting MinutesDate: November 13, 2025 Note Well Inigo read the Note Well
Ballot SC-091: Sunset 3.2.2.5.3 Reverse Address Lookup Validation, proposal of new DNS-based validation using Persistent DCV TXT Record for IP addresses
November 12, 2025 by Wayne ThayerVoting Results Certificate Issuers 24 votes in total:
November 12, 2025 by Wayne ThayerVoting Results Certificate Issuers 24 votes in total: