Final Minutes of the May 7, 2026 CA/B Forum

23 views
Skip to first unread message

Dean Coclin

unread,
May 21, 2026, 12:05:35 PM (12 days ago) May 21
to 'Dimitris Zacharopoulos' via Public (CA/B Forum)

Here are the final minutes of the subject meeting.

 

1. Begin Recording - Roll Call

2. Reading of Note-well

The Note-Well was read

3. Review of Agenda

No changes

4. Minutes approval

  • April 9, 2026 Teleconference – Draft minutes have not been distributed yet
  • April 23, 2026 Teleconference - Draft minutes have not been distributed yet

5. Server Certificate WG Update (Dimitris)

  • Significant progress made in resolving GitHub issues, particularly cleanup-related items, remaining 7 cleanup issues out of 67 in total.
  • Ongoing ballots reviewed, no major updates except for Wayne’s ballot transitioning into the voting phase
  • Proposal introduced to require at least two endorsers before reserving a ballot number, Discussion held on whether this requirement should remain mandatory or be adjusted

5.1 Validation WG(Corney)

  • Ongoing discussion around domain ownership clarification ballot
  • Discussion evolved to include EV (Extended Validation) data reuse, Anticipated revision of the ballot proposal based on feedback

6. Code Signing Certificate WG Update (Martijn)

  • One active ballot currently in the voting phase for making use of Reserved Policy OID mandatory in code signing certificates.
  • Voting members (including Microsoft representatives) urged to participate before deadline (May 11)

7. S/MIME Certificate WG update (Stephen)

·        SHA-1 deprecation ballot (SMC) completed intellectual property review and is now effective

·        SMC17 introduced to Increase in RSA key size requirements for Root and Issuing CAs, new requirements effective September this year and phase-out of smaller keys by September next year

  • Continued work on pseudonym handling, close to defining a resolution and moving toward ballot stage

8. NetSec WG update (Clint)

·        Draft ballot NS-009 discussed (led by Corey Bonnell), Ballot expected to enter formal discussion phase shortly (by next week). Members encouraged to review PR and provide input early

9. Definitions and Glossary WG update (Tim H.)

  • A list of interested participants has been compiled and will be reconfirmed via email to ensure continued engagement.
  • A draft glossary document has been prepared and is ready to be shared with participants, the draft will be distributed to WG members for review and feedback.
  • Participants will be given several weeks to provide comments and suggested updates.

10. Forum Infrastructure Subcommittee update (Jos)

  • Committee chairs and vice-chairs were reminded to update the forum wiki page with current meeting details, including Webex links and schedules to ensure accessibility for participants, particularly new members or those joining from different devices without calendar access.
  • The Slack workspace continues to be used for informal discussions and coordination among members, it is not an official communication or record-keeping platform due to limited message retention and lack of archival guarantees.
  • Reviewing improvements to the redline document process, including possible simplification or guidance for local generation if tooling limitations persist.
  • Ongoing work to enhance GitHub integration, including adding user identifiers and enabling automation for access management.
  • It was identified that some historical wiki attachments (e.g., IPR-related documents) are currently unavailable due to prior archival changes.
  • Ongoing investigation into email delivery and spam filtering issues affecting CAB Forum mailing lists

11. IPR Update (Ben)

  • There are still multiple agreements pending submission, the due date for IPR agreement submissions is June 1,

12. Any other Business (Dean)

  • Call for CA Presentations: A formal call for presentation proposals from CAs for the June 4 meeting. Topics may include CA or auditor perspectives, beyond standard root program updates, and Presentations are expected to be approximately 20–30 minutes in length.
  • Fall Election Planning: An overview of the upcoming fall election process was provided(Elections are conducted at the plenary level (per bylaws), Current officer terms end November 30, Nomination period will begin before October 1, with a two-week nomination window). Dean confirmed eligibility from each WG, a detailed email outlining eligibility and process will be distributed.
  • Guest Speakers (Vienna Meeting): Initial outreach has been made to potential guest speakers for the Vienna meeting, Additional suggestions for speakers or topics are encouraged from participants, Presentations may be delivered in-person or remotely.
  • Vienna Meeting Update: Dates are confirmed for September 22–24, Location will be central Vienna (TBD), Further logistical details will be shared once finalized.

13. Next Call (Dean)

  • May 21,  Hosting arrangements will be confirmed separately.

Attendees

Aaron Poulsen (SSL.com), Adriano Santoni (Actalis), Andrea Holland (IdenTrust), Atsushi INABA (GlobalSign), Ben (Chunghwa Telecom), Ben Wilson (Mozilla), Chad Dandar, Chris Clements (Google Chrome), Clint Wilson(Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Cynetheia Brown (FPKIMA), Dean Coclin (DigiCert), Dimitris Zacharopoulos (HARICA), Dustin Hollenback, Eric Kramer (Sectigo), Georgy Sebastian (Amazon Trust Services), Greg Tomko (GlobalSign), Hazhar Ismail (MSC Trustgate), Hogeun Yoo (NAVER CLOUD), Inigo Barreira(Sectigo), Janet Hines (SSL.com), Jeff Ward (Aprio), Johnny Reading (GoDaddy), John Mason (Microsoft Corp), Jos Purvis (Fastly), Jun Okura (Cybertrust), Karolina Ruszczynska (Certum), Kateryna Aleksieieva (Certum by Asseco), Kiran Tummala(Microsoft), kiran Tummlala (Apple), Lucy Buecking (IdenTrust), Luis Cervantes (SSL.com), Luis Osses (Amazon Trust Services), Mahua Chaudhuri (Microsoft), Martijn Katerbarg (Sectigo), Masaru Sakamoto (Cybertrust Japan), Matthew McPherrin (ISRG), Michael Slaughter (Amazon Trust Services), Michelle Coon(OATI), Miguel Sanchez (GTS), Nate Smith (GoDaddy), Nome Huang (TrustAsia), ONO Fumiaki (SECOM Trust Systems), Paul van Brouwershaven (Digitorus), Peter Miskovic (Disig), Rebecca Kelley (SSL.com), Rich Smith (DigiCert), Rob White (GoDaddy), Rollin Yu (TrustAsia), Roman Fischer (SwissSign), Sándor SZŐKE, dr. (Microsec), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Steven Deitte (GoDaddy), Tadahiko ITO (SECOM), Thomas Zermeno (SSL.com), Tim Callan (Sectigo), Tobias Josefowitz (Opera), Trevoli Ponds-White (Amazon Trust Services), Tsung-Min Kuo (Chunghwa Telecom), wendy brown (FPKIMA).

 

 

 

Reply all
Reply to author
Forward
0 new messages