CA/Browser Forum

<h2 id="working-groups">Working groups</h2>
The CA/Browser Forum has these working groups:

<ul><li>Server Certificate Working Group, which has subcommittees for Validation and Network Security, which maintains the following standards:
<ul><li>"Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" (for SSL/TLS)</li>
<li>"Guidelines For The Issuance And Management Of Extended Validation (EV) Certificates" (for SSL/TLS)</li>
<li>"Network and Certificate System Security Requirements"</li></ul></li>
<li>Code Signing Working Group which maintains:
<ul><li>"Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates"</li></ul></li>
<li>S/MIME Certificate Working Group which is developing:
<ul><li>"Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates"</li></ul></li></ul>
<h2 id="history">History</h2>
In 2005, <a href="/facts/Melih_Abdulhayoglu/lNlGPrWC">Melih Abdulhayoglu</a> of the <a href="/facts/Comodo_Group/GMwkszak">Comodo Group</a> organized<a class="footnote-ref" id="fnref:2" href="#fn:2">2</a> the first meeting of CA/Browser Forum. The first meeting was held in New York City. This was followed by a meeting in November 2005 in <a href="/facts/Kanata%2c_Ontario/eLXnv2Mf">Kanata</a>, Ontario, and a meeting in December, 2005, in <a href="/facts/Scottsdale%2c_Arizona/CXoyaSzY">Scottsdale</a>, <a href="/facts/Arizona/6ayM3swJ">Arizona</a> with the main objective to enable secure connections between users and websites.
In addition to CA/Browser Forum members, representatives of the <a href="/facts/Information_Security/horlrCln">Information Security</a> Committee of the <a href="/facts/American_Bar_Association/LAP40u3p">American Bar Association</a> Section of Science & Technology, Law and the <a href="/facts/Canadian_Institute_of_Chartered_Accountants/zKyexbYG">Canadian Institute of Chartered Accountants</a> participated in developing the standards for issuing and managing Extended Validation SSL/TLS certificates. Version 1.0 of the EV Guidelines was adopted on 7 June 2007.<a class="footnote-ref" id="fnref:3" href="#fn:3">3</a>
In November 2011, the CA/Browser Forum adopted version 1.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" intended to provide minimum security standards for all browser-trusted SSL/TLS certificates. Subsequent versions expanded the Baseline Requirements to directly incorporate requirements from browser root store policy programs such as those of Mozilla and Microsoft.
In January 2013 the CA/Browser Forum's first "Network and Certificate System Security Requirements" took effect defining best practices for the general protection of CA networks and supporting systems.
In February 2013 a new industry group, the <a href="/facts/Certificate_Authority_Security_Council/e51wnzX6">Certificate Authority Security Council</a> (CASC), was formed with a mission that includes promoting CA/Browser Forum standards. Membership requires adherence to CA/Browser Forum standards.<a class="footnote-ref" id="fnref:4" href="#fn:4">4</a> The CASC's founding members consisted Comodo CA (now Sectigo), <a href="/facts/NortonLifeLock/uWvBqako">Symantec</a> (now DigiCert),<a class="footnote-ref" id="fnref:5" href="#fn:5">5</a> <a href="/facts/Trend_Micro/ngD55nSj">Trend Micro</a> (now Entrust), <a href="/facts/DigiCert/2VVTGVSF">DigiCert</a>, <a href="/facts/Entrust/DsA43cRc">Entrust</a>,<a class="footnote-ref" id="fnref:6" href="#fn:6">6</a> <a href="/facts/GlobalSign/arx6gtCV">GlobalSign</a><a class="footnote-ref" id="fnref:7" href="#fn:7">7</a> and <a href="/facts/GoDaddy/01LonA2G">GoDaddy</a>.<a class="footnote-ref" id="fnref:8" href="#fn:8">8</a><a class="footnote-ref" id="fnref:9" href="#fn:9">9</a><a class="footnote-ref" id="fnref:10" href="#fn:10">10</a><a class="footnote-ref" id="fnref:11" href="#fn:11">11</a><a class="footnote-ref" id="fnref:12" href="#fn:12">12</a>
In August 2020, the <a href="/facts/S%2fMIME/YufdsBt3">S/MIME</a> Certificate Working Group<a class="footnote-ref" id="fnref:13" href="#fn:13">13</a> was chartered to create a baseline requirement applicable to CAs that issue S/MIME certificates used to sign, verify, encrypt, and decrypt email.
In September 2020, the CA/Browser Forum adopted version 2.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates", which had previously been maintained outside the group.
In January 2023, the CA/Browser Forum adopted version 1.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates", It defined four types of S/MIME certificate standards. Mailbox-validated, Organization-validated, Sponsor-validated and Individual-validated.<a class="footnote-ref" id="fnref:14" href="#fn:14">14</a>

<h2 id="external-links">External links</h2>
<ul><li><a href="https://cabforum.org/">Official website</a></li>
<li><a href="https://web.archive.org/web/20131216105520/http://support.microsoft.com/kb/931125">"Windows Root Certificate Program members"</a>. Support. Knowledge Base. Microsoft. Jan 11, 2013. 931125. Archived from <a href="http://support.microsoft.com/kb/931125">the original</a> on 2013-12-16. CAs approved for EV in Microsoft IE7</li>
<li><a href="https://technet.microsoft.com/en-us/library/dn265983.aspx">"Configure Trusted Roots and Disallowed Certificates"</a>. TechNet. Certification Authority Guidance. Microsoft. May 5, 2014. dn265983.</li>
<li>Oiaga, Marius (Jun 13, 2007). <a href="http://news.softpedia.com/news/Microsoft-039-s-Internet-Identity-Technology-Gets-Certified-57167.shtml">"Microsoft's Internet Identity Technology Gets Certified"</a>. <a href="/facts/Softpedia/8u1I4nUj">Softpedia</a>.</li></ul>

<h2 id="references">References</h2>

<ol>
<li id="fn:1">"Members of the CA - Browser Forum - Over 50 CAs and All Major Browsers". CA/Browser Forum. 31 August 2013. Archived from the original on 2022-05-03. Retrieved 3 May 2022. <a href="https://cabforum.org/members/" target="_blank">https://cabforum.org/members/</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></li>
<li id="fn:2">"How Can We Improve Code Signing?". 9 May 2008. <a href="http://www.eweek.com/c/a/Security/How-Can-We-Improve-Code-Signing/" target="_blank">http://www.eweek.com/c/a/Security/How-Can-We-Improve-Code-Signing/</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></li>
<li id="fn:3">"GUIDELINES FOR THE ISSUANCE AND MANAGEMENT OF EXTENDED VALIDATION CERTIFICATES v1.0" (PDF). The CA/Browser Forum. <a href="https://cabforum.org/wp-content/uploads/EV_Certificate_Guidelines.pdf" target="_blank">https://cabforum.org/wp-content/uploads/EV_Certificate_Guidelines.pdf</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></li>
<li id="fn:4">"About the CA Security Council". 27 January 2013. Archived from the original on 14 July 2017. Retrieved 20 February 2014. <a href="https://web.archive.org/web/20170714183658/https://casecurity.org/casc/" target="_blank">https://web.archive.org/web/20170714183658/https://casecurity.org/casc/</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></li>
<li id="fn:5">"Let's Build a More Secure Future". Archived from the original on February 17, 2013. <a href="https://web.archive.org/web/20130217082728/http://www.symantec.com/connect/blogs/let-s-build-more-secure-future" target="_blank">https://web.archive.org/web/20130217082728/http://www.symantec.com/connect/blogs/let-s-build-more-secure-future</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></li>
<li id="fn:6">"Entrust Joins World's Leading Certificate Authority". <a href="http://www.entrust.com/news/2013-02-14-Entrust-Joins-Worlds-Leading-CAs-to-Form-Certificate-Authority-Security-Council-Advance-Internet-Security-and-Trusted-SSL-Ecosystem" target="_blank">http://www.entrust.com/news/2013-02-14-Entrust-Joins-Worlds-Leading-CAs-to-Form-Certificate-Authority-Security-Council-Advance-Internet-Security-and-Trusted-SSL-Ecosystem</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></li>
<li id="fn:7">"GlobalSign joins the Certificate Authority Security Council to upgrade internet security". Archived from the original on 2015-07-02. Retrieved 2013-04-02. <a href="https://web.archive.org/web/20150702184430/http://www.thepaypers.com/news/e-identity-security-online-fraud/globalsign-joins-the-certificate-authority-security-council-to-upgrade-internet-security/750211-26" target="_blank">https://web.archive.org/web/20150702184430/http://www.thepaypers.com/news/e-identity-security-online-fraud/globalsign-joins-the-certificate-authority-security-council-to-upgrade-internet-security/750211-26</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></li>
<li id="fn:8">"Get more done with Microsoft Office 365 from GoDaddy". Archived from the original on 2013-11-11. Retrieved 2013-04-02. <a href="https://web.archive.org/web/20131111090725/http://inside.godaddy.com/announcing-certificate-authority-security-council/" target="_blank">https://web.archive.org/web/20131111090725/http://inside.godaddy.com/announcing-certificate-authority-security-council/</a> <a href="#fnref:8" class="footnote-back-ref">↩</a></li>
<li id="fn:9">"Authentication Security News, Analysis, Discussion, & Community". Archived from the original on 2013-04-10. <a href="https://archive.today/20130410174711/http://www.darkreading.com/authentication/167901072/security/news/240148546/major-certificate-authorities-unite-in-the-name-of-ssl-security.html" target="_blank">https://archive.today/20130410174711/http://www.darkreading.com/authentication/167901072/security/news/240148546/major-certificate-authorities-unite-in-the-name-of-ssl-security.html</a> <a href="#fnref:9" class="footnote-back-ref">↩</a></li>
<li id="fn:10">"Multivendor power council formed to address digital certificate issues - Network World". Archived from the original on 2013-07-28. Retrieved 2013-04-02. <a href="https://web.archive.org/web/20130728114851/http://www.networkworld.com/news/2013/021413-council-digital-certificate-266728.html" target="_blank">https://web.archive.org/web/20130728114851/http://www.networkworld.com/news/2013/021413-council-digital-certificate-266728.html</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></li>
<li id="fn:11">"Website Certificate Authorities Set Up Security Council for Advocacy, Research". <a href="http://www.cmswire.com/cms/customer-experience/website-certificate-authorities-set-up-security-council-for-advocacy-research-019619.php" target="_blank">http://www.cmswire.com/cms/customer-experience/website-certificate-authorities-set-up-security-council-for-advocacy-research-019619.php</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></li>
<li id="fn:12">"SSL Certificate Authority Security Council Takes Root | Electronic Staff". Archived from the original on 2014-07-14. Retrieved 2013-04-02. <a href="https://web.archive.org/web/20140714155147/http://electronicstaff.com/2013/ssl-certificate-authority-security-council-takes-root" target="_blank">https://web.archive.org/web/20140714155147/http://electronicstaff.com/2013/ssl-certificate-authority-security-council-takes-root</a> <a href="#fnref:12" class="footnote-back-ref">↩</a></li>
<li id="fn:13">CA/Browser Forum S/MIME Certificate Working Group https://cabforum.org/working-groups/smime-certificate-wg/ <a href="https://cabforum.org/working-groups/smime-certificate-wg/" target="_blank">https://cabforum.org/working-groups/smime-certificate-wg/</a> <a href="#fnref:13" class="footnote-back-ref">↩</a></li>
<li id="fn:14">"CA/Browser Forum S/MIME Baseline Requirements" (PDF). CA/Browser Forum. Retrieved 4 April 2023. <a href="https://cabforum.org/wp-content/uploads/CA-Browser-Forum-SMIMEBR-1.0.0.pdf" target="_blank">https://cabforum.org/wp-content/uploads/CA-Browser-Forum-SMIMEBR-1.0.0.pdf</a> <a href="#fnref:14" class="footnote-back-ref">↩</a></li>
</ol>

CA/Browser Forum open-in-new

CA/Browser Forum