27:
120:
As of May 2022, the consortium includes 54 certificate issuers, 11 certificate consumer vendors, and industry standards and audit bodies including the
European Accredited Conformity Assessment Bodies’ Council (ACAB’C), the WebTrust Task Force, and the European Telecommunications Standards
211:
In
November 2011, the CA/Browser Forum adopted version 1.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" intended to provide minimum security standards for all browser-trusted SSL/TLS certificates. Subsequent versions expanded the Baseline
261:
In
January 2023, the CA/Browser Forum adopted version 1.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates", It defined four types of S/MIME certificate standards. Mailbox-validated, Organization-validated, Sponsor-validated and
394:
257:
In
September 2020, the CA/Browser Forum adopted version 2.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates", which had previously been maintained outside the group.
444:
223:(CASC), was formed with a mission that includes promoting CA/Browser Forum standards. Membership requires adherence to CA/Browser Forum standards. The CASC's founding members consisted Comodo CA (now Sectigo),
380:
215:
In
January 2013 the CA/Browser Forum's first "Network and Certificate System Security Requirements" took effect defining best practices for the general protection of CA networks and supporting systems.
398:
448:
254:
Certificate
Working Group was chartered to create a baseline requirement applicable to CAs that issue S/MIME certificates used to sign, verify, encrypt, and decrypt email.
487:
208:
participated in developing the standards for issuing and managing
Extended Validation SSL/TLS certificates. Version 1.0 of the EV Guidelines was adopted on 7 June 2007.
501:
462:
419:
362:
181:
organized the first meeting of CA/Browser Forum. The first meeting was held in New York City. This was followed by a meeting in
November 2005 in
870:
746:
611:
205:
137:
Server
Certificate Working Group, which has subcommittees for Validation and Network Security, which maintains the following standards:
691:
697:
212:
Requirements to directly incorporate requirements from browser root store policy programs such as those of
Mozilla and Microsoft.
841:
685:
220:
53:
Provide internet security industry standards for certificate authorities and certificate consumers such as Internet browsers
1142:
963:
505:
1172:
779:
466:
885:
673:
644:
579:
1182:
1106:
798:
1111:
708:
423:
1177:
538:
923:
893:
792:
283:
336:
903:
773:
319:
1084:
847:
366:
140:"Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" (for SSL/TLS)
943:
875:
814:
305:
154:"Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates"
90:
93:-enabled applications that promulgates industry guidelines governing the issuance and management of
1064:
1027:
994:
667:
653:
201:
143:"Guidelines For The Issuance And Management Of Extended Validation (EV) Certificates" (for SSL/TLS)
106:
1167:
825:
809:
714:
804:
768:
679:
162:"Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates"
1131:
1032:
752:
637:
82:
598:
526:
197:
98:
395:"GlobalSign joins the Certificate Authority Security Council to upgrade internet security"
8:
186:
463:"Multivendor power council formed to address digital certificate issues - Network World"
1048:
763:
174:
999:
725:
320:"GUIDELINES FOR THE ISSUANCE AND MANAGEMENT OF EXTENDED VALIDATION CERTIFICATES v1.0"
1004:
820:
630:
114:
86:
730:
193:
with the main objective to enable secure connections between users and websites.
182:
488:"Website Certificate Authorities Set Up Security Council for Advocacy, Research"
502:"SSL Certificate Authority Security Council Takes Root | Electronic Staff"
224:
105:
embedded in such applications. Its guidelines cover certificates used for the
1161:
785:
720:
1079:
853:
178:
110:
102:
587:
228:
280:"Members of the CA - Browser Forum - Over 50 CAs and All Major Browsers"
1126:
240:
1121:
933:
898:
615:
605:. Certification Authority Guidance. Microsoft. May 5, 2014. dn265983.
445:"Authentication Security News, Analysis, Discussion, & Community"
938:
928:
913:
232:
978:
973:
958:
948:
586:. Knowledge Base. Microsoft. Jan 11, 2013. 931125. Archived from
244:
236:
190:
279:
196:
In addition to CA/Browser Forum members, representatives of the
26:
1136:
1089:
1069:
968:
953:
918:
340:
251:
622:
1116:
1074:
908:
703:
94:
122:
612:"Microsoft's Internet Identity Technology Gets Certified"
527:
https://cabforum.org/working-groups/smime-certificate-wg/
571:
89:
and secure email software, operating systems, and other
62:
420:"Get more done with Microsoft Office 365 from GoDaddy"
159:
S/MIME Certificate Working Group which is developing:
146:"Network and Certificate System Security Requirements"
599:"Configure Trusted Roots and Disallowed Certificates"
381:"Entrust Joins World's Leading Certificate Authority"
525:CA/Browser Forum S/MIME Certificate Working Group
204:Section of Science & Technology, Law and the
1159:
668:Transport Layer Security / Secure Sockets Layer
539:"CA/Browser Forum S/MIME Baseline Requirements"
185:, Ontario, and a meeting in December, 2005, in
133:The CA/Browser Forum has these working groups:
437:
871:Export of cryptography from the United States
638:
747:Automated Certificate Management Environment
151:Code Signing Working Group which maintains:
219:In February 2013 a new industry group, the
206:Canadian Institute of Chartered Accountants
692:DNS-based Authentication of Named Entities
645:
631:
580:"Windows Root Certificate Program members"
25:
698:DNS Certification Authority Authorization
1160:
842:Domain Name System Security Extensions
686:Application-Layer Protocol Negotiation
272:
221:Certificate Authority Security Council
626:
609:
75:Certification Authority Browser Forum
16:Consortium of certificate authorities
592:CAs approved for EV in Microsoft IE7
13:
780:Online Certificate Status Protocol
363:"Let's Build a More Secure Future"
306:"How Can We Improve Code Signing?"
14:
1194:
674:Datagram Transport Layer Security
563:
339:. 27 January 2013. Archived from
128:
1107:Certificate authority compromise
1112:Random number generator attacks
799:Extended Validation Certificate
652:
531:
519:
494:
480:
455:
337:"About the CA Security Council"
286:from the original on 2022-05-03
81:, is a voluntary consortium of
709:HTTP Strict Transport Security
610:Oiaga, Marius (Jun 13, 2007).
412:
387:
373:
355:
329:
312:
298:
1:
265:
793:Domain-validated certificate
117:of certificate authorities.
7:
774:Certificate revocation list
10:
1199:
848:Internet Protocol Security
661:Protocols and technologies
168:
1173:Public key infrastructure
1099:
1057:
1041:
1020:
1013:
987:
884:
876:Server-Gated Cryptography
863:
834:
815:Public key infrastructure
740:Public-key infrastructure
739:
660:
83:certification authorities
57:
49:
45:Professional organization
41:
33:
24:
1028:Man-in-the-middle attack
995:Certificate Transparency
202:American Bar Association
113:, as well as system and
1183:Certificate authorities
1139:(in regards to TLS 1.0)
1092:(in regards to SSL 3.0)
826:Self-signed certificate
810:Public-key cryptography
731:Perfect forward secrecy
715:HTTP Public Key Pinning
325:. The CA/Browser Forum.
1143:Kazakhstan MITM attack
805:Public key certificate
769:Certificate revocation
680:Server Name Indication
262:Individual-validated.
1132:Lucky Thirteen attack
1033:Padding oracle attack
753:Certificate authority
369:on February 17, 2013.
1178:Secure communication
282:. CA/Browser Forum.
250:In August 2020, the
198:Information Security
99:digital certificates
77:, also known as the
21:
1049:Bar mitzvah attack
764:Certificate policy
175:Melih Abdulhayoglu
19:
1155:
1154:
1151:
1150:
726:Opportunistic TLS
200:Committee of the
71:
70:
1190:
1018:
1017:
1005:HTTPS Everywhere
821:Root certificate
759:CA/Browser Forum
647:
640:
633:
624:
623:
619:
606:
594:
575:
574:
572:Official website
557:
556:
554:
552:
546:CA/Browser Forum
543:
535:
529:
523:
517:
516:
514:
513:
504:. Archived from
498:
492:
491:
484:
478:
477:
475:
474:
465:. Archived from
459:
453:
452:
447:. Archived from
441:
435:
434:
432:
431:
422:. Archived from
416:
410:
409:
407:
406:
397:. Archived from
391:
385:
384:
377:
371:
370:
365:. Archived from
359:
353:
352:
350:
348:
333:
327:
326:
324:
316:
310:
309:
302:
296:
295:
293:
291:
276:
227:(now DigiCert),
115:network security
107:SSL/TLS protocol
101:that chain to a
87:Internet browser
79:CA/Browser Forum
67:
64:
29:
22:
20:CA/Browser Forum
18:
1198:
1197:
1193:
1192:
1191:
1189:
1188:
1187:
1158:
1157:
1156:
1147:
1095:
1053:
1037:
1014:Vulnerabilities
1009:
983:
886:Implementations
880:
859:
830:
735:
656:
651:
597:
590:on 2013-12-16.
578:
570:
569:
566:
561:
560:
550:
548:
541:
537:
536:
532:
524:
520:
511:
509:
500:
499:
495:
486:
485:
481:
472:
470:
461:
460:
456:
443:
442:
438:
429:
427:
418:
417:
413:
404:
402:
393:
392:
388:
379:
378:
374:
361:
360:
356:
346:
344:
343:on 14 July 2017
335:
334:
330:
322:
318:
317:
313:
304:
303:
299:
289:
287:
278:
277:
273:
268:
231:(now Entrust),
171:
131:
61:
17:
12:
11:
5:
1196:
1186:
1185:
1180:
1175:
1170:
1168:Key management
1153:
1152:
1149:
1148:
1146:
1145:
1140:
1134:
1129:
1124:
1119:
1114:
1109:
1103:
1101:
1100:Implementation
1097:
1096:
1094:
1093:
1087:
1082:
1077:
1072:
1067:
1061:
1059:
1055:
1054:
1052:
1051:
1045:
1043:
1039:
1038:
1036:
1035:
1030:
1024:
1022:
1015:
1011:
1010:
1008:
1007:
1002:
997:
991:
989:
985:
984:
982:
981:
976:
971:
966:
961:
956:
951:
946:
941:
936:
931:
926:
921:
916:
911:
906:
901:
896:
890:
888:
882:
881:
879:
878:
873:
867:
865:
861:
860:
858:
857:
851:
845:
838:
836:
832:
831:
829:
828:
823:
818:
812:
807:
802:
796:
790:
789:
788:
783:
777:
766:
761:
756:
750:
743:
741:
737:
736:
734:
733:
728:
723:
718:
712:
706:
701:
695:
689:
683:
677:
671:
664:
662:
658:
657:
650:
649:
642:
635:
627:
621:
620:
607:
595:
576:
565:
564:External links
562:
559:
558:
530:
518:
493:
479:
454:
451:on 2013-04-10.
436:
411:
386:
372:
354:
328:
311:
297:
270:
269:
267:
264:
170:
167:
166:
165:
164:
163:
157:
156:
155:
149:
148:
147:
144:
141:
130:
129:Working groups
127:
69:
68:
59:
55:
54:
51:
47:
46:
43:
39:
38:
35:
31:
30:
15:
9:
6:
4:
3:
2:
1195:
1184:
1181:
1179:
1176:
1174:
1171:
1169:
1166:
1165:
1163:
1144:
1141:
1138:
1135:
1133:
1130:
1128:
1125:
1123:
1120:
1118:
1115:
1113:
1110:
1108:
1105:
1104:
1102:
1098:
1091:
1088:
1086:
1083:
1081:
1078:
1076:
1073:
1071:
1068:
1066:
1063:
1062:
1060:
1056:
1050:
1047:
1046:
1044:
1040:
1034:
1031:
1029:
1026:
1025:
1023:
1019:
1016:
1012:
1006:
1003:
1001:
998:
996:
993:
992:
990:
986:
980:
977:
975:
972:
970:
967:
965:
962:
960:
957:
955:
952:
950:
947:
945:
942:
940:
937:
935:
932:
930:
927:
925:
922:
920:
917:
915:
912:
910:
907:
905:
902:
900:
897:
895:
894:Bouncy Castle
892:
891:
889:
887:
883:
877:
874:
872:
869:
868:
866:
862:
855:
852:
849:
846:
843:
840:
839:
837:
833:
827:
824:
822:
819:
816:
813:
811:
808:
806:
803:
800:
797:
794:
791:
787:
786:OCSP stapling
784:
781:
778:
775:
772:
771:
770:
767:
765:
762:
760:
757:
754:
751:
748:
745:
744:
742:
738:
732:
729:
727:
724:
722:
721:OCSP stapling
719:
716:
713:
710:
707:
705:
702:
699:
696:
693:
690:
687:
684:
681:
678:
675:
672:
669:
666:
665:
663:
659:
655:
648:
643:
641:
636:
634:
629:
628:
625:
617:
613:
608:
604:
600:
596:
593:
589:
585:
581:
577:
573:
568:
567:
547:
540:
534:
528:
522:
508:on 2014-07-14
507:
503:
497:
489:
483:
469:on 2013-07-28
468:
464:
458:
450:
446:
440:
426:on 2013-11-11
425:
421:
415:
401:on 2015-07-02
400:
396:
390:
382:
376:
368:
364:
358:
342:
338:
332:
321:
315:
308:. 9 May 2008.
307:
301:
285:
281:
275:
271:
263:
259:
255:
253:
248:
246:
242:
238:
234:
230:
226:
222:
217:
213:
209:
207:
203:
199:
194:
192:
188:
184:
180:
176:
161:
160:
158:
153:
152:
150:
145:
142:
139:
138:
136:
135:
134:
126:
124:
118:
116:
112:
108:
104:
100:
96:
92:
88:
85:, vendors of
84:
80:
76:
66:
60:
56:
52:
48:
44:
40:
36:
32:
28:
23:
854:Secure Shell
758:
602:
591:
588:the original
583:
549:. Retrieved
545:
533:
521:
510:. Retrieved
506:the original
496:
482:
471:. Retrieved
467:the original
457:
449:the original
439:
428:. Retrieved
424:the original
414:
403:. Retrieved
399:the original
389:
375:
367:the original
357:
345:. Retrieved
341:the original
331:
314:
300:
288:. Retrieved
274:
260:
256:
249:
218:
214:
210:
195:
179:Comodo Group
172:
132:
119:
111:code signing
103:trust anchor
78:
74:
72:
1000:Convergence
654:TLS and SSL
347:20 February
229:Trend Micro
121:Institute (
1162:Categories
1127:Heartbleed
512:2013-04-02
473:2013-04-02
430:2013-04-02
405:2013-04-02
266:References
241:GlobalSign
187:Scottsdale
1122:goto fail
934:MatrixSSL
899:BoringSSL
670:(TLS/SSL)
616:Softpedia
173:In 2005,
1058:Protocol
988:Notaries
964:SChannel
939:mbed TLS
929:LibreSSL
914:cryptlib
844:(DNSSEC)
835:See also
284:Archived
233:DigiCert
225:Symantec
63:cabforum
979:wolfSSL
974:stunnel
959:s2n-tls
949:OpenSSL
864:History
850:(IPsec)
603:TechNet
584:Support
551:4 April
245:GoDaddy
237:Entrust
191:Arizona
177:of the
169:History
58:Website
34:Founded
1137:POODLE
1090:POODLE
1085:Logjam
1070:BREACH
1042:Cipher
1021:Theory
969:SSLeay
954:Rustls
919:GnuTLS
782:(OCSP)
749:(ACME)
717:(HPKP)
711:(HSTS)
694:(DANE)
688:(ALPN)
676:(DTLS)
252:S/MIME
183:Kanata
1117:FREAK
1080:DROWN
1075:CRIME
1065:BEAST
909:BSAFE
904:Botan
856:(SSH)
817:(PKI)
776:(CRL)
704:HTTPS
700:(CAA)
682:(SNI)
542:(PDF)
323:(PDF)
290:3 May
95:X.509
50:Focus
924:JSSE
801:(EV)
795:(DV)
755:(CA)
553:2023
349:2014
292:2022
243:and
123:ETSI
109:and
97:v.3
73:The
65:.org
42:Type
37:2005
944:NSS
125:).
91:PKI
1164::
614:.
601:.
582:.
544:.
247:.
239:,
235:,
189:,
646:e
639:t
632:v
618:.
555:.
515:.
490:.
476:.
433:.
408:.
383:.
351:.
294:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.