CA/Browser Forum posts
Posts by tag Minutes
2026-03-26 Minutes of the Forum
March 26, 2026 by Minutes: CA/B Forum plenary Meeting - March 26, 2026 Minutes Begin Recording - Roll Call Recording started Read note-well Read the note-well at SCWG prior Review of Agenda No changes Approval of minutes February 26th (Martijn) - (Draft minutes have not been distributed yet) Please submit F2F minutes on Etherpad. Server Certificate Working Group update (Dimitris) Went over face-to-face agenda and ballot updates at 02/26 meeting Face-to-face minutes are being compiled yet Capturing BR version at DCV time. Working Group opined that requirement should be replaced with something else - Aaron Gable to propose the change (aligned with expectations of: Proper documentation, accountability, change management). CP/CPS Content Consistency - gave examples where they were vague vs explicit. More explicit leads to more chances of falling into non-compliance and having to revoke. Captured the CA/B Forum expectations and how to proceed forward with improvements. Revocation Timelines and CP/CPS consistency - alternative proposal to have CAs document which areas are allowed to have more flexibility and have a different revocation timeline (or no revocation at all as long as it is stricter than the BRs) - will be sent in F2F minutes. Availability of resources such as CRL distribution points; repository; OCSP URLs; etc. Rules are vague now. CAs might implement settings to prevent abuse and DOS attacks (geolocation blocking, etc). Feedback to be captured in F2F meeting minutes and then see what next steps are based on that feedback. Validation Subcommittee - Corey Bonnell ADN Ballot updates - Reached consensus, ballot should be about ready to go after some minor updates. Scott Rae presented on making more concrete guidance on Reliable Data Sources. Scott to create draft ballot proposal. DNSSEC - whether or not you have to check whether or not domain zone was secured with DNSSEC if one of the domain’s parents was not. If you know the parent was not, you do not have to check the child because you know it was not. May be ballot language drafted for this. Code Signing Certificate Working Group update (Martijn) Face-to-Face presentation by Karina for Microsoft’s vision for code-signing working group and ecosystem. Proposals to make it more available for individual developers and make it open source as well. Increase strength for authentication validation and remove human factor. S/MIME Certificate Working Group update (Stephen) SMC015 MDL Ballot will come out of IPR 03/27/2026. New SMIME BR to be posted after. SMC016 Equivalence Ballot with SCWG now in voting through next week. Ongoing discussion on two items Moving forward with a ballot to increase the minimum RSA key size for SMIME Sub-CAs - draft link is out. Potential changes to Root Program policies and how those impact SMIME BRs or SMIME CAs and what they may need to do going forward. Included in SMIME meeting minutes. NetSec Working Group update (Clint) Met Tuesday, 03/24. NetSec Modernization Work - Determined Miguel will work on proposal for first steps of modernization effort. Cloud Services Logging/Infrastructure use - CoreyB to update his proposal for next meeting in two weeks. Definitions and Glossary Working Group (Tim H.) No Update. Forum Infrastructure Subcommittee update (Jos) Ben Wilson provided update: Updating text of CA/B Forum website - request for volunteers. IPR Subcommittee (Ben) Received call from member of IPR Review Subcommittee - section 4.5 of IPR Policy and new participants and whether they had the rights to raise historic claims or not. Ben reviewing to ensure proper response. If no change, will close discussion on 03/31. if changes needed, will release version 2 for 7 day review period. Let Ben know of comments so he can batch it at the same time. Any Other Business F2F Meeting Schedule: 2026 Vienna, Austria - September 22-24 - eMuhdra (Location to be confirmed) Registration is open on website now 2027 Scottsdale, AZ - Spring 2027 - Sectigo Switzerland - Fall 2027 - SwissSign 2028 Shanghai, China - Spring 2028 - TrustAsia (tentative) Thessaloniki, GR (or Identrust) - Fall 2028 - HARICA (tentative) or Identrust Next call April 9th
March 26, 2026 by Minutes: CA/B Forum plenary Meeting - March 26, 2026 Minutes Begin Recording - Roll Call Recording started Read note-well Read the note-well at SCWG prior Review of Agenda No changes Approval of minutes February 26th (Martijn) - (Draft minutes have not been distributed yet) Please submit F2F minutes on Etherpad. Server Certificate Working Group update (Dimitris) Went over face-to-face agenda and ballot updates at 02/26 meeting Face-to-face minutes are being compiled yet Capturing BR version at DCV time. Working Group opined that requirement should be replaced with something else - Aaron Gable to propose the change (aligned with expectations of: Proper documentation, accountability, change management). CP/CPS Content Consistency - gave examples where they were vague vs explicit. More explicit leads to more chances of falling into non-compliance and having to revoke. Captured the CA/B Forum expectations and how to proceed forward with improvements. Revocation Timelines and CP/CPS consistency - alternative proposal to have CAs document which areas are allowed to have more flexibility and have a different revocation timeline (or no revocation at all as long as it is stricter than the BRs) - will be sent in F2F minutes. Availability of resources such as CRL distribution points; repository; OCSP URLs; etc. Rules are vague now. CAs might implement settings to prevent abuse and DOS attacks (geolocation blocking, etc). Feedback to be captured in F2F meeting minutes and then see what next steps are based on that feedback. Validation Subcommittee - Corey Bonnell ADN Ballot updates - Reached consensus, ballot should be about ready to go after some minor updates. Scott Rae presented on making more concrete guidance on Reliable Data Sources. Scott to create draft ballot proposal. DNSSEC - whether or not you have to check whether or not domain zone was secured with DNSSEC if one of the domain’s parents was not. If you know the parent was not, you do not have to check the child because you know it was not. May be ballot language drafted for this. Code Signing Certificate Working Group update (Martijn) Face-to-Face presentation by Karina for Microsoft’s vision for code-signing working group and ecosystem. Proposals to make it more available for individual developers and make it open source as well. Increase strength for authentication validation and remove human factor. S/MIME Certificate Working Group update (Stephen) SMC015 MDL Ballot will come out of IPR 03/27/2026. New SMIME BR to be posted after. SMC016 Equivalence Ballot with SCWG now in voting through next week. Ongoing discussion on two items Moving forward with a ballot to increase the minimum RSA key size for SMIME Sub-CAs - draft link is out. Potential changes to Root Program policies and how those impact SMIME BRs or SMIME CAs and what they may need to do going forward. Included in SMIME meeting minutes. NetSec Working Group update (Clint) Met Tuesday, 03/24. NetSec Modernization Work - Determined Miguel will work on proposal for first steps of modernization effort. Cloud Services Logging/Infrastructure use - CoreyB to update his proposal for next meeting in two weeks. Definitions and Glossary Working Group (Tim H.) No Update. Forum Infrastructure Subcommittee update (Jos) Ben Wilson provided update: Updating text of CA/B Forum website - request for volunteers. IPR Subcommittee (Ben) Received call from member of IPR Review Subcommittee - section 4.5 of IPR Policy and new participants and whether they had the rights to raise historic claims or not. Ben reviewing to ensure proper response. If no change, will close discussion on 03/31. if changes needed, will release version 2 for 7 day review period. Let Ben know of comments so he can batch it at the same time. Any Other Business F2F Meeting Schedule: 2026 Vienna, Austria - September 22-24 - eMuhdra (Location to be confirmed) Registration is open on website now 2027 Scottsdale, AZ - Spring 2027 - Sectigo Switzerland - Fall 2027 - SwissSign 2028 Shanghai, China - Spring 2028 - TrustAsia (tentative) Thessaloniki, GR (or Identrust) - Fall 2028 - HARICA (tentative) or Identrust Next call April 9th
2026-03-26 Minutes of the Server Certificate Working Group
March 26, 2026 by Wayne ThayerMinutes: Server Cert Working Group – 032626Begin Recording - Roll Call Recording started
March 26, 2026 by Wayne ThayerMinutes: Server Cert Working Group – 032626Begin Recording - Roll Call Recording started
2026-03-13 Minutes of the S/MIME Certificate Working Group
March 13, 2026 by Minutes of SMCWG March 13, 2026 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
March 13, 2026 by Minutes of SMCWG March 13, 2026 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2026-02-26 Minutes of the Server Certificate Working Group
February 26, 2026 by Wayne ThayerServer Certificate Working Group Meeting MinutesFebruary 26, 2026 1. Begin Recording / Roll Call 2. Note-Well The Note-Well was read.
February 26, 2026 by Wayne ThayerServer Certificate Working Group Meeting MinutesFebruary 26, 2026 1. Begin Recording / Roll Call 2. Note-Well The Note-Well was read.
2026-02-12 Minutes of the Forum
February 12, 2026 by Martijn KaterbargMinutes: CA/B Forum plenary Meeting - February 12, 2026 Notes by: Janet Hines (VikingCloud)
February 12, 2026 by Martijn KaterbargMinutes: CA/B Forum plenary Meeting - February 12, 2026 Notes by: Janet Hines (VikingCloud)
2026-02-12 Minutes of the Server Certificate Working Group
February 12, 2026 by Wayne ThayerMinutes: Notes by: Janet Hines (VikingCloud) Begin Recording - Roll Call Read note-well Note-well was read by Dimitris
February 12, 2026 by Wayne ThayerMinutes: Notes by: Janet Hines (VikingCloud) Begin Recording - Roll Call Read note-well Note-well was read by Dimitris
2026-02-11 Minutes of the S/MIME Certificate Working Group
February 11, 2026 by Minutes of SMCWG February 11, 2026 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
February 11, 2026 by Minutes of SMCWG February 11, 2026 These are the Minutes of the meeting described in the subject of this message. Corrections and clarifications where needed are encouraged by reply.
2026-02-05 Minutes of the Code Signing Certificate Working Group
February 5, 2026 by Code Signing Working Group – Meeting MinutesMinutesTom led the discussion as Martijn was unable to attend. Tom read the Note Well. OCSP discussion for Servercert alignment ballot Karina is discussing internally at Microsoft on how best to proceed. She plans to send an update to the group in the next few days.
February 5, 2026 by Code Signing Working Group – Meeting MinutesMinutesTom led the discussion as Martijn was unable to attend. Tom read the Note Well. OCSP discussion for Servercert alignment ballot Karina is discussing internally at Microsoft on how best to proceed. She plans to send an update to the group in the next few days.
2026-01-29 Minutes of the Forum
January 29, 2026 by Martijn KaterbargMinutes: CA/Browser Forum Plenary Call, 29 January 2026 Minutes by Jos Purvis (Fastly)
January 29, 2026 by Martijn KaterbargMinutes: CA/Browser Forum Plenary Call, 29 January 2026 Minutes by Jos Purvis (Fastly)
2026-01-29 Minutes of the Server Certificate Working Group
January 29, 2026 by Wayne ThayerMinutes: Minutes by Jos Purvis (Fastly) I. Meeting Logistics Dimitris read the note-well. No changes were requested for the agenda. The minutes from the 15 January meeting were approved without changes. II. Membership Applications The membership application of Santosh Pandit as an individual interested party was reviewed and approved without objection. III. Ballots The cleanup ballot currently in its discussion period was reviewed. Kateryna Aleksieieva (Certum) indicated there were no updates on the ballot status, but they hoped to have it completed in January. There are 3 ballots currently in IPR: SC 94, 96, and 97. Ballots 94 and 96 will end their IPR periods on the same day; Dimitris asked the group for guidance on how to treat the release of red-lines and final guidelines for each ballot — whether to release separate versions of the BRs or a single version comparing the two. Corey Bonnell (Digicert) pointed out that this happened a few years ago in the Code-Signing working group and they elected to release each ballot separately, meaning the first ballot had an effective period of about fifteen minutes before the second ballot also took effect. Dimitris pointed out that the table for effective dates doesn’t include timestamps, just dates, so he was thinking of applying a similar approach but separated by a day. The group indicated that would be fine but there was no particular concern with doing separate releases but having both ballots’ effective dates be the same day. Dimitris listed 5 ballots currently under consideration. Corey indicated he had made some changes around dates in SC87 (registration number improvement for EV certificates), updated the PR, and verified the new copy with the current endorsers. Once the endorsers have indicated consent to the changes, he’ll be proceeding with moving this into discussion and formal balloting in the next few weeks. Aaron Gable (ISRG) offered an update on the ballot for cleanups to ADNC names. The significant topic the Validation Subcommittee discussed was the difference between re-using a validation for the applied-for FQDN (which is what the BRs discuss today) versus re-using a validation for the actually-validated ADN (which is what the new version of the BRs included). Aaron and Jacob are preparing an email to update the community on the changes and updates the ballot proposes and hopes to have that out prior to the next Validation Subcommittee meeting. Martijn Katerbarg (Sectigo) is leading the ballot improving CPRs and clarifying revocation: there were no updates on that ballot’s progress. Clint Wilson (Apple) is leading the ballot now numbered SC93. Clint said there’s an excellent comment on the ballot pull request from GTS outlining their thoughts and concerns around the ballot. Clint asked the community for further discussion on whether the ballot offered sufficient value in comparison to cost to advance or should be approached via a different route. Finally, Dimitris reviewed the ballot for an updated timeline for errors affecting CP/CPS deviations. He indicated he had reached out to a few members to get feedback and discussion around the ballot but had not received much back, and would likely add this to discussion at the upcoming face-to-face meeting. IV. Discussion Items — Current Business Ballot Number Allocations Dimitris articulated the concerns around ballot numbering, which currently follows an informal process to allocate ballot numbers. At the moment, the process indicates a ballot number should be assigned once a ballot has achieved some consensus and attached two endorsers; he noted, however, that it’s much easier to have discussions around proposed ballots with a number attached to them for clarity of reference. He also indicated concerns with the currently pending ballot SC93, which has adopted that number from this process, but then leaves a gap in ballot numbers that might need to be accounted for in some way. Aaron concurred that it was easier to refer to a ballot if there were a number assigned; Jos pointed out that in the past this had resulted in numbering gaps that then generated questions later about what happened to those numbers that were skipped. Jos proposed a different solution in which we used SC- in order to create a convenient “handle” for the ballot that didn’t interfere with numbering. Ben Wilson (Mozilla) felt we should keep the current system as it is, and said if a ballot were abandoned once it reached the discussion stage it was relatively easy to note that in the historical record; he also pointed out that a ballot doesn’t need to be in its final form for someone to endorse it. Aaron suggested using the pull-request number for naming draft ballots. Tim Callan (Sectigo) pointed out that if we took the approach of encouraging “early endorsers” we might see people voting no on a ballot they endorsed initially because of the changes since they endorsed it; the group felt it was important in that case to emphasize there was no stigma attached to withdrawing endorsement of a ballot or voting no on a ballot previously endorsed. Dimitris summarized the discussion and encouraged further discussion around this on future calls. The next topic was volunteers around minute-taking. Dimitris explained the rotation system currently in use for minute-takers, and asked that people reach out to him to be added to or removed from the list of minute-takers. V. New Business There were no new-business items from the group. Dimitris adjourned the meeting, noting the next meeting would be 12 February.
January 29, 2026 by Wayne ThayerMinutes: Minutes by Jos Purvis (Fastly) I. Meeting Logistics Dimitris read the note-well. No changes were requested for the agenda. The minutes from the 15 January meeting were approved without changes. II. Membership Applications The membership application of Santosh Pandit as an individual interested party was reviewed and approved without objection. III. Ballots The cleanup ballot currently in its discussion period was reviewed. Kateryna Aleksieieva (Certum) indicated there were no updates on the ballot status, but they hoped to have it completed in January. There are 3 ballots currently in IPR: SC 94, 96, and 97. Ballots 94 and 96 will end their IPR periods on the same day; Dimitris asked the group for guidance on how to treat the release of red-lines and final guidelines for each ballot — whether to release separate versions of the BRs or a single version comparing the two. Corey Bonnell (Digicert) pointed out that this happened a few years ago in the Code-Signing working group and they elected to release each ballot separately, meaning the first ballot had an effective period of about fifteen minutes before the second ballot also took effect. Dimitris pointed out that the table for effective dates doesn’t include timestamps, just dates, so he was thinking of applying a similar approach but separated by a day. The group indicated that would be fine but there was no particular concern with doing separate releases but having both ballots’ effective dates be the same day. Dimitris listed 5 ballots currently under consideration. Corey indicated he had made some changes around dates in SC87 (registration number improvement for EV certificates), updated the PR, and verified the new copy with the current endorsers. Once the endorsers have indicated consent to the changes, he’ll be proceeding with moving this into discussion and formal balloting in the next few weeks. Aaron Gable (ISRG) offered an update on the ballot for cleanups to ADNC names. The significant topic the Validation Subcommittee discussed was the difference between re-using a validation for the applied-for FQDN (which is what the BRs discuss today) versus re-using a validation for the actually-validated ADN (which is what the new version of the BRs included). Aaron and Jacob are preparing an email to update the community on the changes and updates the ballot proposes and hopes to have that out prior to the next Validation Subcommittee meeting. Martijn Katerbarg (Sectigo) is leading the ballot improving CPRs and clarifying revocation: there were no updates on that ballot’s progress. Clint Wilson (Apple) is leading the ballot now numbered SC93. Clint said there’s an excellent comment on the ballot pull request from GTS outlining their thoughts and concerns around the ballot. Clint asked the community for further discussion on whether the ballot offered sufficient value in comparison to cost to advance or should be approached via a different route. Finally, Dimitris reviewed the ballot for an updated timeline for errors affecting CP/CPS deviations. He indicated he had reached out to a few members to get feedback and discussion around the ballot but had not received much back, and would likely add this to discussion at the upcoming face-to-face meeting. IV. Discussion Items — Current Business Ballot Number Allocations Dimitris articulated the concerns around ballot numbering, which currently follows an informal process to allocate ballot numbers. At the moment, the process indicates a ballot number should be assigned once a ballot has achieved some consensus and attached two endorsers; he noted, however, that it’s much easier to have discussions around proposed ballots with a number attached to them for clarity of reference. He also indicated concerns with the currently pending ballot SC93, which has adopted that number from this process, but then leaves a gap in ballot numbers that might need to be accounted for in some way. Aaron concurred that it was easier to refer to a ballot if there were a number assigned; Jos pointed out that in the past this had resulted in numbering gaps that then generated questions later about what happened to those numbers that were skipped. Jos proposed a different solution in which we used SC- in order to create a convenient “handle” for the ballot that didn’t interfere with numbering. Ben Wilson (Mozilla) felt we should keep the current system as it is, and said if a ballot were abandoned once it reached the discussion stage it was relatively easy to note that in the historical record; he also pointed out that a ballot doesn’t need to be in its final form for someone to endorse it. Aaron suggested using the pull-request number for naming draft ballots. Tim Callan (Sectigo) pointed out that if we took the approach of encouraging “early endorsers” we might see people voting no on a ballot they endorsed initially because of the changes since they endorsed it; the group felt it was important in that case to emphasize there was no stigma attached to withdrawing endorsement of a ballot or voting no on a ballot previously endorsed. Dimitris summarized the discussion and encouraged further discussion around this on future calls. The next topic was volunteers around minute-taking. Dimitris explained the rotation system currently in use for minute-takers, and asked that people reach out to him to be added to or removed from the list of minute-takers. V. New Business There were no new-business items from the group. Dimitris adjourned the meeting, noting the next meeting would be 12 February.