June CA/B Forum meeting

On June 6-8, 2022, in Warsaw, Poland, Asseco Data Systems had the pleasure to organize the first post-pandemic European meeting of the CA and Browser Forum (CA/B Forum). Around 30 representatives of browsers and certification authorities from around the world participated in a discussion of current topics the Forum is working on. The meeting was held in a hybrid format, with some forum members participating remotely.

Operating since 2005, the CA and Browser Forum is a voluntary group of Certification Authorities (CAs) of providers of web browser software and other applications that use S/MIME, Code Signing and SSL type certificates. The forum deals with, the creation of standards for the issuance of the aforementioned certificates, cooperation between certification authorities and software providers, and also supports the creation of audit requirements.

Representatives of the browsers announced changes in policies, including the introduction of mandatory cyclical self-assessments for Certification Authorities, which will be submitted to the browsers, and a change in policy regarding SCT tags. There was also a reminder of the existing requirements for Certification Authorities especially in connection with security incidents involving the erroneous issuance of certificates. Regarding long-term goals, the role of automation in the process of exchanging SSL certificates was emphasized, as well as the need to further shorten the validity period of these certificates in order to ensure an increasing level of security. The most exciting topic, however, was that of the S/MIME certificate requirements document that is currently being created. A particularly interesting discussion concerned the requirements of the fields for these certificates, as due to differences in the approach to how companies are registered in different countries, verification of the addresses of the organizations whose data is included in the certificates can be problematic. Work on the new document is nearing completion, and soon all Certification Authorities will have to comply with the new requirements, which will become mandatory for all of them.

A large chunk of the meeting was devoted to updates on ETSI and WebTrust audits. It was stressed that despite the removal of covid-related restrictions in many countries, there are still some cases where audit procedures may be changed due to the current epidemic situation. The face to face meeting is also a time to summarize the work of the Forum’s working groups since the last meeting. It can be seen that all groups are working vigorously to implement changes that improve CAs’ services.

We are very pleased that we were able to hold the CA/B Forum meeting for the first time and under such unique post-pandemic circumstances. Our guests also had the opportunity to get to know Warsaw, taste Polish cuisine, and take part in the Trusted Economy Forum, which was held at the same time.