Final Minutes of the May 21, 2026 CA/B Forum Meeting

34 views
Skip to first unread message

Dean Coclin

unread,
Jun 4, 2026, 11:08:57 AMJun 4
to 'Nagelkerke, Marijn' via Public (CA/B Forum)

Meeting Title: CA/Browser Forum  Date: 21 May 2026
Chair: Dimitris Zacharopoulos
Minutes Taken By: Wayne Thayer

1. Begin Recording - Roll Call

2. Reading of Note-well

The Note-Well was read

3. Review of Agenda

No changes

4. Minutes approval

  • April 9th - Approved
  • April 23rd - Approved
  • May 7th - Atsushi Inaba posted the following corrections in chat:
    • Code Signing Certificate WG Update (Martijn)
      • • One active ballot currently in the voting phase for making use of timestamping service requirements mandatory
      • not "making use of timestamping service requirements mandatory" but "making use of Reserved Policy OID mandatory in Code Signing certificates"
    • Any other Business (Dean)
      • Vienna Meeting Update: Dates are confirmed for October 22-24, Location will be central Vienna (TBD), Further logistical details will be shared once finalized.
      • not "October" but "September"
    • Minutes were approved with the noted changes.

5. Server Certificate SC Update (Dimitris)

  • Discussion on the ML-DSA ballot
    • Concerns raised about scalability of the CT ecosystem.

5.1 Validation WG(Corey)

  • Last week the Subcommittee discussed Rich Smith’s DNSSEC clarification ballot.
  • Ballot discussions will continue at the next meeting..

6. Code Signing Certificate WG Update (Martijn)

  • Code signing and time stamping OID ballot is in IPR review.
  • Server Certificate alignment ballot will re-enter discussion period next week now that all concerns have been addressed.

7. S/MIME Certificate WG update (Stephen)

  • SMC017 (increase minimum RSA key size) ballot was in the voting period when new concerns were raised. Ballot withdrawn, is being updated with a minimum key size of RSA 3072 with carve outs for certain types of certificates, e.g. delegated OCSP responder certs.
  • Pseudonym ballot is in progress with updates to tagging and uniqueness requirements.

8. NetSec WG update (Clint)

  • Ballot NS-009 discussion around different CA operating environment definitions and the interactions with things like log systems.
  • Trevoli Ponds-White  said that she, Martijn, and Roman will work on a location definition that reflects the status quo..

9. Definitions and Glossary WG update (Tim H.)

  • A document classifying existing definitions from all the BRs was sent out for review this week.

10. Forum Infrastructure Subcommittee update (Jos)

  • No meeting since the last Forum meeting.

11. IPR Update (Ben)

  • Ben Wilson hasn’t tallied the percentage of signed agreements, but 49 have been submitted.
  • Ben expressed concerns over quorum.
  • Ben reminded members that they will be suspended from voting if they have not submitted their updated IPR agreement by June 1. They can still participate in meetings. 3 months later their membership is revoked.
  • Dimitris said that he and Dean will work with Ben to send out reminders next week.

13. Any other Business (Dimitris)

  • CA Presentations for June 4th Meeting: 4 CAs, 1 auditor submission so far
    • Control Based Audits Compared to Other Audits Testing Approach Sampling Methods and Procedures (Lilia Dubko)
    • Digital Identity for Agentic AI (Jason Soroko)
    • Merkle Tree Certs. Why they're important, how they work, their standardization status, their implementation status, and our own experience implementing them as a CA.(Aaron Gable)
    • 2 others have not been confirmed, will probably be moved to a future meeting
  • Next F2F meeting is Vienna, Sept 22-24
    • Location is Vienna Parliament
    • Hotel details will be provided soon.

 

14. Next Call (Dimitris)

  • June 4th (Will be dedicated to CA presentations – 1.5hrs. No updates from WGs)

15. Adjourn

Attendees

Aaron Gable (Let's Encrypt), Aaron Poulsen (SSL.com), Adam Fiock (SSL.com), Adam Jones (Microsoft), Adriano Santoni (Actalis S.p.A.), Andrea Holland (IdenTrust), Arman Asemani (Apple), Ben Wilson (Mozilla), Chris Clements (Google), Clint Wilson (Apple), Corey Bonnell (DigiCert), Corey Rasmussen (OATI), Cynethia Brown (US Federal PKI Management Authority), Daryn Wright (Apple), Dimitris Zacharopoulos (HARICA), Dustin Hollenback (Apple), Eric Kramer (Sectigo), Ethan Davis (Google), Georgy Sebastian (Amazon), Gregory Tomko (GlobalSign), Gurleen Grewal (Google), Hogeun Yoo (NAVER Cloud Trust Services), Inaba Atsushi (GlobalSign), Iñigo Barreira (Sectigo), Jaime Hablutzel (OISTE Foundation), Janet Hines (SSL.com), Jeanette Snook (Visa), John Mason (Microsoft), Johnny Reading (GoDaddy), Jos Purvis (Fastly), Jun Okura (Cybertrust Japan), Karina Sirota (Microsoft), Kateryna Aleksieieva (Asseco Data Systems SA (Certum)), Kiran Tummala (Apple), Li-Chun Chen (Chunghwa Telecom), Lilia Dubko (CPA Canada/WebTrust), Luis Osses (Amazon), Lynn Jeun (Visa), Martijn Katerbarg (Sectigo), Matthew McPherrin (Let's Encrypt), Michelle Coon (OATI), Miguel Sanchez (Google), Nome Huang (TrustAsia), Ono Fumiaki (SECOM Trust Systems), Paul van Brouwershaven (Entrust), Pedro Fuentes (OISTE Foundation), Peter Miskovic (Disig), Rebecca Kelly (SSL.com), Rich Smith (DigiCert), Rob White (GoDaddy), Roman Fischer (SwissSign), Sándor Szőke (Microsec), Sandy Balzer (SwissSign), Scott Rea (eMudhra), Sean Huang (TWCA), Stephen Davidson (DigiCert), Tadahiko Ito (SECOM Trust Systems), Tathan Thacker (IdenTrust), Tobias Josefowitz (Opera Software AS), Trevoli Ponds-White (Amazon), Tsung-Min Kuo (Chunghwa Telecom), Wayne Thayer (Fastly), Wendy Brown (US Federal PKI Management Authority)

 

Reply all
Reply to author
Forward
0 new messages