CA/Browser Forum
Home » Working Groups

Working Groups

Working Groups From time to time the CA / Browser Forum charters working groups to study current issues and develop strategies and guidelines to improve CA operations, certificate profiles, and processing. Previous working groups developed the Baseline Requirements, prepared governance proposals, worked on CA network and certificate system security, and revocation methods. With the adoption of version 1.9 of the Bylaws, effective July 3, 2018, the Working Group is the primary venue for the adoption of Forum Guidelines. Under Section 5.3.1(e) of the Bylaws, a Chartered Working Group (CWG) “may establish any number of subcommittees within its own Working Group to address any of such CWG’s business (each, a “Subcommittee”).” Section 5.3.4 of the Bylaws provides that a “Legacy” Working Group (“LWG”) has the option of (a) converting to a Subcommittee under a CWG pursuant to Section 5.3.1(e), (b) immediately terminating, or (c) continuing in effect without change for 6 months following such approval. For an LWG to continue beyond such 6 months, it must have a charter approved as described in Section 5.3.1 above, as if it was a new Working Group.

Legacy Working Groups

Current LWGs include: the Validation Working Group, the Network Security Working Group, and the Policy Review Working Group,

Currently Active Working Groups Concurrent with the adoption of version 1.9 of the Bylaws, the Forum chartered the Server Certificate Working Group with the following scope of business:

  1. To specify Baseline Requirements, Extended Validation Guidelines, Network and Certificate System Security Requirements, and other acceptable practices for the issuance and management of SSL/TLS server certificates used for authenticating servers accessible through the Internet.
  2. To update such requirements and guidelines from time to time, in order to address both existing and emerging threats to online security, including responsibility for the maintenance of and future amendments to the current CA/Browser Forum Baseline Requirements, Extended Validation Requirements, and Network and Certificate System Security Requirements.
  3. To perform such other activities that are ancillary to the primary activities listed above.

Interested Parties

In order to participate as an Interested Party in the Forum / Working Group, you need to:

  1. Review the Intellectual Property Rights policy and complete the IPR agreement found there; and
  2. Send an email to questions@cabforum.org with your name, organization (if applicable), contact details and the signed IPR agreement with the subject: Participation as an Interested Party in the [Working Group Name] Working Group.
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).