CA/Browser Forum posts
Posts by tag Forum
2025-12-18 Minutes of the Forum
December 18, 2025 by Final Minutes for CA/B Forum Plenary Meeting 2025-12-18Minutes: Opening: Dean Coclin (DigiCert) confirmed the recording was on and the Notewell was read. Attendance was taken. Minutes from December 4th were not yet released and would be addressed with Eva. Working Group Updates: Server Certificate Working Group: Dimitris Zacharopoulos (HARICA) provided an update: The WG reviewed open issues on GitHub, with many being incorporated into the cleanup ballot. Discussions led to progress and consensus on a path forward for several issues. Wayne Thayer (Fastly) provided an update on the previous Validation Subcommittee meeting. They continued discussion on Jacob Hoffman Andrew’s pull request to update the definition of ADN, which involves substantial changes to section 3.2.2.4 and is moving in the right direction. In that call, Clint also proposed a ballot regarding the use of RDAP in the EV Guidelines, as the guidelines only specified WHOIS. The conclusion was that since the definition of WHOIS includes the RDAP protocol in the Baseline Requirements, only a clarification was needed, and this would be added to the cleanup ballot. Code Signing Certificate Working Group: Martijn Katerbarg (Sectigo) reported a short call last week with limited participants, so there was no significant update. He hoped for more traction next year. S/MIME Certificate Working Group: Martijn Katerbarg (Sectigo) reported on the previous month’s call where the main topic was client authentication for SMTP servers. It was unclear if there was an impact on the ecosystem or if it slightly overlapped with the Server Certificate WG. No real details were decided on the direction for this topic. NetSec Working Group: No update. Definitions and Glossary Working Group: No update. Forum Infrastructure Subcommittee: Ben Wilson (Mozilla) stated that there had not been a call recently, so there was no update. Any Other Business: Dean Coclin (DigiCert) mentioned he received feedback on his proposal for a Member Emeritus category. He acknowledged the concerns and will come up with an alternative, providing an update after the new year. January 1st Meeting Cancellation: Dean Coclin (DigiCert) explained that he had attempted to cancel the 2026-01-01 meeting in the Webex account, but it had disappeared from the Webex portal, though it might still show on attendees’ calendars. He asked anyone with the invite on their calendar for 2026-01-01 to please delete it, as the meeting is not happening. Dimitris Zacharopoulos (HARICA) suggested adjusting recurring meeting dates, and Ben Wilson (Mozilla) speculated it might have been created before the CA/B Forum Webex account. Dean Coclin (DigiCert) also provided an update on the F2F Meeting in Houston, TX, from 2026-03-10 to 2026-03-12. Arrangements are progressing, and he encouraged attendees to register. Next Call & Adjournment: The next call will be on 2026-01-15. Dean Coclin (DigiCert) wished everyone a Happy New Year, Merry Christmas, and happy holidays, then adjourned the meeting. Attendees:
December 18, 2025 by Final Minutes for CA/B Forum Plenary Meeting 2025-12-18Minutes: Opening: Dean Coclin (DigiCert) confirmed the recording was on and the Notewell was read. Attendance was taken. Minutes from December 4th were not yet released and would be addressed with Eva. Working Group Updates: Server Certificate Working Group: Dimitris Zacharopoulos (HARICA) provided an update: The WG reviewed open issues on GitHub, with many being incorporated into the cleanup ballot. Discussions led to progress and consensus on a path forward for several issues. Wayne Thayer (Fastly) provided an update on the previous Validation Subcommittee meeting. They continued discussion on Jacob Hoffman Andrew’s pull request to update the definition of ADN, which involves substantial changes to section 3.2.2.4 and is moving in the right direction. In that call, Clint also proposed a ballot regarding the use of RDAP in the EV Guidelines, as the guidelines only specified WHOIS. The conclusion was that since the definition of WHOIS includes the RDAP protocol in the Baseline Requirements, only a clarification was needed, and this would be added to the cleanup ballot. Code Signing Certificate Working Group: Martijn Katerbarg (Sectigo) reported a short call last week with limited participants, so there was no significant update. He hoped for more traction next year. S/MIME Certificate Working Group: Martijn Katerbarg (Sectigo) reported on the previous month’s call where the main topic was client authentication for SMTP servers. It was unclear if there was an impact on the ecosystem or if it slightly overlapped with the Server Certificate WG. No real details were decided on the direction for this topic. NetSec Working Group: No update. Definitions and Glossary Working Group: No update. Forum Infrastructure Subcommittee: Ben Wilson (Mozilla) stated that there had not been a call recently, so there was no update. Any Other Business: Dean Coclin (DigiCert) mentioned he received feedback on his proposal for a Member Emeritus category. He acknowledged the concerns and will come up with an alternative, providing an update after the new year. January 1st Meeting Cancellation: Dean Coclin (DigiCert) explained that he had attempted to cancel the 2026-01-01 meeting in the Webex account, but it had disappeared from the Webex portal, though it might still show on attendees’ calendars. He asked anyone with the invite on their calendar for 2026-01-01 to please delete it, as the meeting is not happening. Dimitris Zacharopoulos (HARICA) suggested adjusting recurring meeting dates, and Ben Wilson (Mozilla) speculated it might have been created before the CA/B Forum Webex account. Dean Coclin (DigiCert) also provided an update on the F2F Meeting in Houston, TX, from 2026-03-10 to 2026-03-12. Arrangements are progressing, and he encouraged attendees to register. Next Call & Adjournment: The next call will be on 2026-01-15. Dean Coclin (DigiCert) wished everyone a Happy New Year, Merry Christmas, and happy holidays, then adjourned the meeting. Attendees:
2025-12-04 Minutes of the Forum
December 4, 2025 by Final Minutes of CA/B Forum meeting December 4, 2025 Approval of minutes: November 6th minutes: approved F2F minutes: approved Server Certificate Working Group update (Dimitris): Summary of November 20th meetings. Basically: summary of the ballots, not much progress. Validation: no meeting last week. Code Signing Certificate Working Group update (Martijn): no updates. Next meeting next week. S/MIME Certificate Working Group update (Stephen): invited guests. SMIME BR has made improvement over time in the security of the ecosystem. Additional study: relatively high occurrence of key-reuse. Topic for 2026. Number of ballots for the new year, relating to pseudonyms and mobile driver licenses. Upcoming discussions: SMTP to SMTP, close enough to SMIME to find out what the problem is. Next steps to be determined. NetSec Working Group update (Clint): Not much discussion on the re-write, but next steps on cloud services. Very specific use cases, implementation guidance. No specific driver for that though. Definitions and Glossary Working Group (Tim H.): Waiting for resource to become available. Forum Infrastructure Subcommittee update (Jos): No update. Membership tools are down at the moment. This may delay sending out emails of recordings and minutes, just the automated ones. Any Other Business: Proposal for new Membership category. Action to put in a ballot – will put a draft ballot forward in the next week. Next call: Dec 18, 2025 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adriano Santoni (Actalis S.p.A.), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Chad Dandar (Cisco Systems), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Cynethia Brown (US Federal PKI Management Authority), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Eva Vansteenberge (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Jeanette Snook (Visa), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jun Okura (Cybertrust Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yamian Quintero (Microsoft)
December 4, 2025 by Final Minutes of CA/B Forum meeting December 4, 2025 Approval of minutes: November 6th minutes: approved F2F minutes: approved Server Certificate Working Group update (Dimitris): Summary of November 20th meetings. Basically: summary of the ballots, not much progress. Validation: no meeting last week. Code Signing Certificate Working Group update (Martijn): no updates. Next meeting next week. S/MIME Certificate Working Group update (Stephen): invited guests. SMIME BR has made improvement over time in the security of the ecosystem. Additional study: relatively high occurrence of key-reuse. Topic for 2026. Number of ballots for the new year, relating to pseudonyms and mobile driver licenses. Upcoming discussions: SMTP to SMTP, close enough to SMIME to find out what the problem is. Next steps to be determined. NetSec Working Group update (Clint): Not much discussion on the re-write, but next steps on cloud services. Very specific use cases, implementation guidance. No specific driver for that though. Definitions and Glossary Working Group (Tim H.): Waiting for resource to become available. Forum Infrastructure Subcommittee update (Jos): No update. Membership tools are down at the moment. This may delay sending out emails of recordings and minutes, just the automated ones. Any Other Business: Proposal for new Membership category. Action to put in a ballot – will put a draft ballot forward in the next week. Next call: Dec 18, 2025 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adriano Santoni (Actalis S.p.A.), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Chad Dandar (Cisco Systems), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Cynethia Brown (US Federal PKI Management Authority), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Eva Vansteenberge (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Jeanette Snook (Visa), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jun Okura (Cybertrust Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Yamian Quintero (Microsoft)
2025-11-20 Minutes of the Forum
November 20, 2025 by Minutes for CA/B Forum Plenary Teleconference 2025-11-06Minutes Meeting minutes for November 6th were approved. Dean said that the summer F2F meetings for the next few years have been cancelled.
November 20, 2025 by Minutes for CA/B Forum Plenary Teleconference 2025-11-06Minutes Meeting minutes for November 6th were approved. Dean said that the summer F2F meetings for the next few years have been cancelled.
2025-11-06 Minutes of the Forum
November 6, 2025 by Minutes for CA/B Forum Plenary Teleconference 2025-11-06Roll call Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Chris Clements (Google), Clint Wilson (Apple), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Apple), Enrico Entschew (D-TRUST), Gurleen Grewal (Google), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Jeanette Snook (Visa), Jos Purvis (Fastly), Jun Okura (Cybertrust Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Ryan Dickson (Google), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority).
November 6, 2025 by Minutes for CA/B Forum Plenary Teleconference 2025-11-06Roll call Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Chris Clements (Google), Clint Wilson (Apple), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Doug Beattie (GlobalSign), Dustin Hollenback (Apple), Enrico Entschew (D-TRUST), Gurleen Grewal (Google), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Jeanette Snook (Visa), Jos Purvis (Fastly), Jun Okura (Cybertrust Japan), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Lilia Dubko (CPA Canada/WebTrust), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Ryan Dickson (Google), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority).
2025-09-25 Minutes of the Forum
September 25, 2025 by Meeting Date: 2025-09-25 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Abdul Hakeem Putra (MSC Trustgate Sdn Bhd), Adam Jones (Microsoft), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Brianca Martin (Amazon), Chad Dandar (Cisco Systems), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Dean Coclin (DigiCert), Gregory Tomko (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Janet Hines (VikingCloud), Jeanette Snook (Visa), Jun Okura (Cybertrust Japan), Karina Goodley (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Luis Cervantes (SSL.com), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rollin Yu (TrustAsia), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Sven Rajala (Keyfactor), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly).
September 25, 2025 by Meeting Date: 2025-09-25 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Abdul Hakeem Putra (MSC Trustgate Sdn Bhd), Adam Jones (Microsoft), Alvin Wang (SHECA), Antti Backman (Telia Company), Ben Wilson (Mozilla), Brianca Martin (Amazon), Chad Dandar (Cisco Systems), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Dean Coclin (DigiCert), Gregory Tomko (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Janet Hines (VikingCloud), Jeanette Snook (Visa), Jun Okura (Cybertrust Japan), Karina Goodley (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Luis Cervantes (SSL.com), Marcelo Silva (Visa), Martijn Katerbarg (Sectigo), Matthew McPherrin (Let’s Encrypt), Michael Slaughter (Amazon), Michelle Coon (OATI), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rollin Yu (TrustAsia), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Sven Rajala (Keyfactor), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly).
2025-09-11 Minutes of the Forum
September 11, 2025 by Martijn KaterbargMeeting Date: 2025-09-11 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Ben Wilson (Mozilla), Brianca Martin (Amazon), Bruce Morton (Entrust), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Gregory Tomko (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Janet Hines (VikingCloud), Jeanette Snook (Visa), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Kiran Tummala (Microsoft), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rich Smith (DigiCert), Rollin Yu (TrustAsia), Ryan Dickson (Google), Sean Huang (TWCA), Sven Rajala (Keyfactor), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Wiktoria Więckowska (Asseco Data Systems SA (Certum))
September 11, 2025 by Martijn KaterbargMeeting Date: 2025-09-11 Attendees: Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adam Jones (Microsoft), Adrian Mueller (SwissSign), Ben Wilson (Mozilla), Brianca Martin (Amazon), Bruce Morton (Entrust), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Daryn Wright (Apple), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Gregory Tomko (GlobalSign), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Janet Hines (VikingCloud), Jeanette Snook (Visa), Jeff Ward (CPA Canada/WebTrust), Johnny Reading (GoDaddy), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Kiran Tummala (Microsoft), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Mahua Chaudhuri (Microsoft), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (Let’s Encrypt), Michelle Coon (OATI), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rich Smith (DigiCert), Rollin Yu (TrustAsia), Ryan Dickson (Google), Sean Huang (TWCA), Sven Rajala (Keyfactor), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tim Hollebeek (DigiCert), Tobias Josefowitz (Opera Software AS), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Wiktoria Więckowska (Asseco Data Systems SA (Certum))
2025-08-28 Minutes of the Forum
August 28, 2025 by CA/B Forum Teleconference - 2025-08-281. Roll Call For attendance, see Item 15 below. 2. Review of Agenda The agenda was reviewed. One additional item was added under Any Other Business: the notice from Buypass CA regarding the cessation of TLS issuance. 3. Approval of Minutes Minutes of 31 July 2025 plenary, prepared by Aaron Gable, were approved without objection. Minutes of 17 July 2025, prepared by Scott Rea, are still being finalized. Minutes of 10 April 2025, which were to be prepared by Trev, remain outstanding. Aaron Poulsen noted that he has the recording and can assist with preparing them. 4. Server Certificate Working Group update Dimitris Zacharopoulos reported that the WG had continued its work on ballots and discussions of DNSSEC requirements. He noted that Sectigo has published P-521 keys to its GitHub repository. 5. Code Signing Certificate Working Group update Martijn Katerbarg reported that the ballot to reduce the validity period now has two endorsers and is progressing. He also described plans for a presentation at the Warsaw face-to-face meeting by representatives of the Canadian police on malware and its impacts. A guest contributor accompanying them has requested anonymity in the public minutes. The group agreed that the individual’s name would be redacted. 6. S/MIME Certificate Working Group update Martijn, serving as vice chair, reported that SMC-013 (PQC for S/MIME) has been adopted and the IPR review period has closed. Work continues on a charter update and discussions relating to SMC-014 (DNSSEC for CA records) and the treatment of pseudonyms. 7. NetSec Working Group update Clint Wilson reported that the WG has begun considering possible policies concerning the use of artificial intelligence in WebPKI. The group also continues to explore issues related to the use of cloud services. 8. Definitions and Glossary Working Group Tim Callan explained that the WG has been slowed by limited resources, but Sectigo has now assigned a project manager to drive progress. A kickoff is scheduled, and activity is expected to increase. 9. Forum Infrastructure Subcommittee update Jos Purvis reported that all e-mail processing for cabforum.org has been migrated to Google Workspace, resolving prior issues caused by the split between systems. The old mail server will be retired after list archives are transferred. The Subcommittee is also clarifying the process for saving IPR policy agreements online, particularly from Interested Parties, to ensure consistent handling. 10. Intellectual Property Rights Subcommittee Ben Wilson reported that the Subcommittee had reviewed a request from Deutsche Telekom to exclude affiliates from coverage under the IPR Policy Agreement. This request was rejected as inconsistent with the IPR Policy Agreement signed by all other members. Deutsche Telekom has been informed. The Subcommittee is also finalizing proposed updates to the IPR Policy, which will soon be circulated for member review. The Subcommittee also discussed Contributor License Agreements (CLA) and possible GitHub configurations to ensure alignment with the IPR policy. The Forum Infrastructure Subcommittee would be asked to look into this. 11. Bylaws Changes No report was provided. 12. Any Other Business The Forum discussed whether Deutsche Telekom should continue to attend face-to-face meetings without signing the IPR Policy Agreement. It was agreed that they may attend the October 2025 meeting in Warsaw, but that their continued participation will need to be reconsidered if they remain unwilling to sign. Dean Coclin reminded members that registration for the Warsaw meeting is open, with capacity limited to 75 participants and a registration deadline of 15 September 2025. Dean also informed members of Buypass CA’s notice that it will cease issuing TLS certificates by October 2025, citing commercial reasons. Buypass will continue to provide revocation and status services for previously issued certificates until their expiration or revocation, no later than October 2026, and will remain a Forum member until that time. However, it was also mentioned that Buypass might still be intending to issue other types of publicly trusted certificates. Finally, members were reminded that the agenda for the Warsaw plenary includes a session for CA presentations. Interested CAs should notify the Chair of their proposed topics. 13. Next Call The next plenary teleconference will be held on 11 September 2025. 14. Adjourn The meeting was adjourned. Attendees Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adrian Mueller (SwissSign), Adriano Santoni (Actalis S.p.A.), Alvin Wang (SHECA), Ben Wilson (Mozilla), Brianca Martin (Amazon), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Gregory Tomko (GlobalSign), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Kiran Tummala (Microsoft), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Miguel Sanchez (Google), Mohd Redha Hamzah (Pos Digicert Sdn. Bhd.), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Wiktoria Więckowska (Asseco Data Systems SA (Certum)
August 28, 2025 by CA/B Forum Teleconference - 2025-08-281. Roll Call For attendance, see Item 15 below. 2. Review of Agenda The agenda was reviewed. One additional item was added under Any Other Business: the notice from Buypass CA regarding the cessation of TLS issuance. 3. Approval of Minutes Minutes of 31 July 2025 plenary, prepared by Aaron Gable, were approved without objection. Minutes of 17 July 2025, prepared by Scott Rea, are still being finalized. Minutes of 10 April 2025, which were to be prepared by Trev, remain outstanding. Aaron Poulsen noted that he has the recording and can assist with preparing them. 4. Server Certificate Working Group update Dimitris Zacharopoulos reported that the WG had continued its work on ballots and discussions of DNSSEC requirements. He noted that Sectigo has published P-521 keys to its GitHub repository. 5. Code Signing Certificate Working Group update Martijn Katerbarg reported that the ballot to reduce the validity period now has two endorsers and is progressing. He also described plans for a presentation at the Warsaw face-to-face meeting by representatives of the Canadian police on malware and its impacts. A guest contributor accompanying them has requested anonymity in the public minutes. The group agreed that the individual’s name would be redacted. 6. S/MIME Certificate Working Group update Martijn, serving as vice chair, reported that SMC-013 (PQC for S/MIME) has been adopted and the IPR review period has closed. Work continues on a charter update and discussions relating to SMC-014 (DNSSEC for CA records) and the treatment of pseudonyms. 7. NetSec Working Group update Clint Wilson reported that the WG has begun considering possible policies concerning the use of artificial intelligence in WebPKI. The group also continues to explore issues related to the use of cloud services. 8. Definitions and Glossary Working Group Tim Callan explained that the WG has been slowed by limited resources, but Sectigo has now assigned a project manager to drive progress. A kickoff is scheduled, and activity is expected to increase. 9. Forum Infrastructure Subcommittee update Jos Purvis reported that all e-mail processing for cabforum.org has been migrated to Google Workspace, resolving prior issues caused by the split between systems. The old mail server will be retired after list archives are transferred. The Subcommittee is also clarifying the process for saving IPR policy agreements online, particularly from Interested Parties, to ensure consistent handling. 10. Intellectual Property Rights Subcommittee Ben Wilson reported that the Subcommittee had reviewed a request from Deutsche Telekom to exclude affiliates from coverage under the IPR Policy Agreement. This request was rejected as inconsistent with the IPR Policy Agreement signed by all other members. Deutsche Telekom has been informed. The Subcommittee is also finalizing proposed updates to the IPR Policy, which will soon be circulated for member review. The Subcommittee also discussed Contributor License Agreements (CLA) and possible GitHub configurations to ensure alignment with the IPR policy. The Forum Infrastructure Subcommittee would be asked to look into this. 11. Bylaws Changes No report was provided. 12. Any Other Business The Forum discussed whether Deutsche Telekom should continue to attend face-to-face meetings without signing the IPR Policy Agreement. It was agreed that they may attend the October 2025 meeting in Warsaw, but that their continued participation will need to be reconsidered if they remain unwilling to sign. Dean Coclin reminded members that registration for the Warsaw meeting is open, with capacity limited to 75 participants and a registration deadline of 15 September 2025. Dean also informed members of Buypass CA’s notice that it will cease issuing TLS certificates by October 2025, citing commercial reasons. Buypass will continue to provide revocation and status services for previously issued certificates until their expiration or revocation, no later than October 2026, and will remain a Forum member until that time. However, it was also mentioned that Buypass might still be intending to issue other types of publicly trusted certificates. Finally, members were reminded that the agenda for the Warsaw plenary includes a session for CA presentations. Interested CAs should notify the Chair of their proposed topics. 13. Next Call The next plenary teleconference will be held on 11 September 2025. 14. Adjourn The meeting was adjourned. Attendees Aaron Gable (Let’s Encrypt), Aaron Poulsen (Amazon), Adrian Mueller (SwissSign), Adriano Santoni (Actalis S.p.A.), Alvin Wang (SHECA), Ben Wilson (Mozilla), Brianca Martin (Amazon), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Enrico Entschew (D-TRUST), Eric Kramer (Sectigo), Gregory Tomko (GlobalSign), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kate Xu (TrustAsia), Kiran Tummala (Microsoft), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Marco Schambach (IdenTrust), Martijn Katerbarg (Sectigo), Michael Slaughter (Amazon), Michelle Coon (OATI), Miguel Sanchez (Google), Mohd Redha Hamzah (Pos Digicert Sdn. Bhd.), Mrugesh Chandarana (IdenTrust), Nargis Mannan (VikingCloud), Nate Smith (GoDaddy), Nicol So (CommScope), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Roman Fischer (SwissSign), Ryan Dickson (Google), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera Software AS), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority), Wiktoria Więckowska (Asseco Data Systems SA (Certum)
2025-07-17 Minutes of the Forum
July 17, 2025 by CA/B Forum Teleconference - 2025-07-17Meeting Title: CA/Browser Forum Date: 17 July 2025 Chair: Dean Coclin Minutes Taken By: Scott Rea 1. Roll Call and Housekeeping Meeting called to order by Dean Coclin with support from Tim Callan; recording in process. 2. Note-well Note-well has already been read in previous session. 3. Review Agenda Agenda anticipated as posted. 4. Approval of Minutes None to approve on today’s call April 10th - still pending (Dean to re-send link to Aaron Poulsen) F2F minutes requires 1 more item from Martijn 5. Server Certificate Working Group update SCWG (Wayne) Wayne indicated earlier meeting was first in some time since F2F (2 meetings skipped). For the prior meeting SC085 (Require DNSSEC for CAA and DCV Lookups) passed so now IPR review period in progress. Validation Subcommittee (Wayne from Corey’s minutes) Last meeting had 2 major talking points discussed: SC088 persistent DCV ballot. Doug raised some questions which were worked through in the meeting. Henry provided some options and the approach was agreed as being solid. Validation Summit proposal. Send a survey for identifying which methods CAs are using – decided probably not going to do this, but rather use CCADB Report instead. Decided to focus on 2 aspects the validation methods: i) the security of the method; ii) the agility of the method. Chrome proposed new draft ballot to deprecate all methods that use email and phone as a methos of contacting applicants. So maybe there will be impact to Validation Summit based on the discussion. 6. Code Signing Certificate Working Group update Martijn not available so Dean called for any updates from those attending. Karina: Microsoft working on ballot for reduction of validity - looking for additional endorser. Also cleanup ballot for alignment with TLS BRs discussions are on-going. 7. S/MIME Certificate Working Group update (Stephen) SMC012 (automation of mailbox control using ACME) is out of IPR Review and now adopted as of 1 week ago. In voting period for SMC013 (PQC for SMIME) closes in a few days. On-going discuss around pseudonyms for personal certificates is progressing. There will be a Forum level ballot at the end of summer to update the Charter for the Group. 8. NetSec Working Group update (Clint) Main discussion topic was Cloud Services in the context of public CAs. Tobi put together a starter document to facilitate discussion. NS008 (Updates to CA Infrastructure Scope, Trusted Roles, Systems’ Applicability, and various other improvements) came out of IPR, and effective date is scheduled for later this year. Clint mentioned he is having some GitHub issues getting NS008 finalized. 9. Definitions and Glossary Working Group (Tim & Tim) Not a lot of feedback on Definitions thus far so next steps is take one more pass, produce document and then proceed with a ballot. The document is expected that it will be a policy document - it is not a requirements document. Wendy indicated she did not see the definitions circulated, so they will be re-posted to the list. 10. Forum Infrastructure Subcommittee update (Ben) Wayne had some comments around on-going saga to fix permissions on mailing list, and how to approach that. It is a WIP. 11. Intellectual Property Rights Subcommittee (Ben) Forum-036 Ballot - Adopt Invited Experts Policy has passed. Next meeting scheduled for next Tuesday to begin addressing remaining items. 12. Bylaws Changes (Ben) Ben planning to progress forum bylaws change ballot once summer is over e.g. September timeline. 13. Entrust Status in CABF (Bruce) Entrust does not, or soon will not issue TLS certificates anymore after key(s) transfer to Sectigo, however they are still doing some Code Sign certificates currently. The goal is that by 1st week of September, Sectigo will have control of all keys (including CS). So after that point, Entrust will not qualify under current membership category (Certificate Issuer), but may be looking to transition to Interested Party type member at that point. Bruce will provide update after actions are complete. Tim H indicated that the qualifying event is not necessary the key transfer but rather “trusted by Root Programs” criteria. Tim C indicated that Entrust is still a trusted CA for CS purposes, so in this instance it’s a voluntary withdrawal when it happens. Wayne lead the appreciation for all the effort contributions Bruce & Co have made to the CABF. 14. Any Other Business Registration for Warsaw is open – please indicate attendance for planning purposes. Note that Trusted Economy Forum is also being held adjacent to this meeting. List of future F2F meetings schedule was reviewed: 2025 1. Oct 15-17: Warsaw, Poland (Certum) – REGISTRATION OPEN 2026 2. Houston, TX, US Spring 2026 SSL.com New York, NY,US Summer 2026 Google Trust Services Thessaloniki, GR Fall 2026 HARICA 2027 5. Scottsdale, AZ Spring 2027 Sectigo Switzerland June 2027 SwissSign Austin, TX, USA Fall 2027 IdenTrust 2028 8. Shanghai, China Spring 2028 TrustAsia (tentative) 15. Adjourn Next call: July 31, 2025
July 17, 2025 by CA/B Forum Teleconference - 2025-07-17Meeting Title: CA/Browser Forum Date: 17 July 2025 Chair: Dean Coclin Minutes Taken By: Scott Rea 1. Roll Call and Housekeeping Meeting called to order by Dean Coclin with support from Tim Callan; recording in process. 2. Note-well Note-well has already been read in previous session. 3. Review Agenda Agenda anticipated as posted. 4. Approval of Minutes None to approve on today’s call April 10th - still pending (Dean to re-send link to Aaron Poulsen) F2F minutes requires 1 more item from Martijn 5. Server Certificate Working Group update SCWG (Wayne) Wayne indicated earlier meeting was first in some time since F2F (2 meetings skipped). For the prior meeting SC085 (Require DNSSEC for CAA and DCV Lookups) passed so now IPR review period in progress. Validation Subcommittee (Wayne from Corey’s minutes) Last meeting had 2 major talking points discussed: SC088 persistent DCV ballot. Doug raised some questions which were worked through in the meeting. Henry provided some options and the approach was agreed as being solid. Validation Summit proposal. Send a survey for identifying which methods CAs are using – decided probably not going to do this, but rather use CCADB Report instead. Decided to focus on 2 aspects the validation methods: i) the security of the method; ii) the agility of the method. Chrome proposed new draft ballot to deprecate all methods that use email and phone as a methos of contacting applicants. So maybe there will be impact to Validation Summit based on the discussion. 6. Code Signing Certificate Working Group update Martijn not available so Dean called for any updates from those attending. Karina: Microsoft working on ballot for reduction of validity - looking for additional endorser. Also cleanup ballot for alignment with TLS BRs discussions are on-going. 7. S/MIME Certificate Working Group update (Stephen) SMC012 (automation of mailbox control using ACME) is out of IPR Review and now adopted as of 1 week ago. In voting period for SMC013 (PQC for SMIME) closes in a few days. On-going discuss around pseudonyms for personal certificates is progressing. There will be a Forum level ballot at the end of summer to update the Charter for the Group. 8. NetSec Working Group update (Clint) Main discussion topic was Cloud Services in the context of public CAs. Tobi put together a starter document to facilitate discussion. NS008 (Updates to CA Infrastructure Scope, Trusted Roles, Systems’ Applicability, and various other improvements) came out of IPR, and effective date is scheduled for later this year. Clint mentioned he is having some GitHub issues getting NS008 finalized. 9. Definitions and Glossary Working Group (Tim & Tim) Not a lot of feedback on Definitions thus far so next steps is take one more pass, produce document and then proceed with a ballot. The document is expected that it will be a policy document - it is not a requirements document. Wendy indicated she did not see the definitions circulated, so they will be re-posted to the list. 10. Forum Infrastructure Subcommittee update (Ben) Wayne had some comments around on-going saga to fix permissions on mailing list, and how to approach that. It is a WIP. 11. Intellectual Property Rights Subcommittee (Ben) Forum-036 Ballot - Adopt Invited Experts Policy has passed. Next meeting scheduled for next Tuesday to begin addressing remaining items. 12. Bylaws Changes (Ben) Ben planning to progress forum bylaws change ballot once summer is over e.g. September timeline. 13. Entrust Status in CABF (Bruce) Entrust does not, or soon will not issue TLS certificates anymore after key(s) transfer to Sectigo, however they are still doing some Code Sign certificates currently. The goal is that by 1st week of September, Sectigo will have control of all keys (including CS). So after that point, Entrust will not qualify under current membership category (Certificate Issuer), but may be looking to transition to Interested Party type member at that point. Bruce will provide update after actions are complete. Tim H indicated that the qualifying event is not necessary the key transfer but rather “trusted by Root Programs” criteria. Tim C indicated that Entrust is still a trusted CA for CS purposes, so in this instance it’s a voluntary withdrawal when it happens. Wayne lead the appreciation for all the effort contributions Bruce & Co have made to the CABF. 14. Any Other Business Registration for Warsaw is open – please indicate attendance for planning purposes. Note that Trusted Economy Forum is also being held adjacent to this meeting. List of future F2F meetings schedule was reviewed: 2025 1. Oct 15-17: Warsaw, Poland (Certum) – REGISTRATION OPEN 2026 2. Houston, TX, US Spring 2026 SSL.com New York, NY,US Summer 2026 Google Trust Services Thessaloniki, GR Fall 2026 HARICA 2027 5. Scottsdale, AZ Spring 2027 Sectigo Switzerland June 2027 SwissSign Austin, TX, USA Fall 2027 IdenTrust 2028 8. Shanghai, China Spring 2028 TrustAsia (tentative) 15. Adjourn Next call: July 31, 2025
Ballot FORUM-036 – Adopt Invited Experts Policy
July 9, 2025 by Ben WilsonBallot FORUM-036 – Adopt Invited Experts Policy The voting period for Forum-036 Adopt Invited Experts Policy has completed. The ballot has: PASSED
July 9, 2025 by Ben WilsonBallot FORUM-036 – Adopt Invited Experts Policy The voting period for Forum-036 Adopt Invited Experts Policy has completed. The ballot has: PASSED
2025-06-10 Minutes of the Forum Toronto F2F
June 10, 2025 by CA/B Forum Teleconference - 2025-06-10Meeting Title: CA/Browser Forum Toronto F2F Date: 10 June 2025 Chair: Dean Coclin Guest speaker: Chrome’s views on PQCPresenter: David Adrian Presentation Link: https://cabforum.org/2025/06/10/2025-06-10-minutes-of-the-forum-toronto-f2f/Chrome_PQC_CABF_F2F_Toronto_2025_EXTERNAL.pdf Guest speaker: The Future of ZLintPresenter: Zakir Durumeric Presentation Link: https://cabforum.org/2025/06/10/2025-06-10-minutes-of-the-forum-toronto-f2f/The_Future_of_ZLint_CABF_F2F_Toronto_2025.pdf Remedies for CPS ErrorsPresenter: Tim Callan Minute taker: Ben Wilson See SCWG minutes Panel Q&APresenter: Ben Wilson Minute taker: Dimitris No additional discussion. Mozilla Root Program UpdatePresenter: Ben Wilson Presentation Link: https://cabforum.org/2025/06/10/2025-06-10-minutes-of-the-forum-toronto-f2f/June-2025-Mozilla-News.pdf Minute taker: Scott Rea Ben’s curated notes (presented in the meeting) can be found at: https://drive.google.com/file/d/1zv6XlzitsQdaBp6gf_u3ND7Fzum1pPLY/view
June 10, 2025 by CA/B Forum Teleconference - 2025-06-10Meeting Title: CA/Browser Forum Toronto F2F Date: 10 June 2025 Chair: Dean Coclin Guest speaker: Chrome’s views on PQCPresenter: David Adrian Presentation Link: https://cabforum.org/2025/06/10/2025-06-10-minutes-of-the-forum-toronto-f2f/Chrome_PQC_CABF_F2F_Toronto_2025_EXTERNAL.pdf Guest speaker: The Future of ZLintPresenter: Zakir Durumeric Presentation Link: https://cabforum.org/2025/06/10/2025-06-10-minutes-of-the-forum-toronto-f2f/The_Future_of_ZLint_CABF_F2F_Toronto_2025.pdf Remedies for CPS ErrorsPresenter: Tim Callan Minute taker: Ben Wilson See SCWG minutes Panel Q&APresenter: Ben Wilson Minute taker: Dimitris No additional discussion. Mozilla Root Program UpdatePresenter: Ben Wilson Presentation Link: https://cabforum.org/2025/06/10/2025-06-10-minutes-of-the-forum-toronto-f2f/June-2025-Mozilla-News.pdf Minute taker: Scott Rea Ben’s curated notes (presented in the meeting) can be found at: https://drive.google.com/file/d/1zv6XlzitsQdaBp6gf_u3ND7Fzum1pPLY/view