 | |
| Founded | 2005 |
|---|---|
| Type | Professional organization |
| Focus | Provide internet security industry standards for certificate authorities and certificate consumers such as web browsers |
| Website | cabforum |
TheCertification Authority Browser Forum, also known as theCA/Browser Forum, is a voluntary consortium ofcertification authorities, vendors ofweb browsers and secure email software, operating systems, and otherPKI-enabled applications that promulgates industry guidelines governing the issuance and management ofX.509 v.3digital certificates that chain to atrust anchor embedded in such applications. Its guidelines cover certificates used for theSSL/TLS protocol andcode signing, as well as system andnetwork security of certificate authorities.
As of May 2022[update], the consortium includes 54 certificate issuers, 11 certificate consumer vendors, and industry standards and audit bodies including the European Accredited Conformity Assessment Bodies’ Council (ACAB’C), the WebTrust Task Force, and the European Telecommunications Standards Institute (ETSI).[1]
The CA/Browser Forum has these working groups:
In 2005,Melih Abdulhayoglu of theComodo Group organized[2] the first meeting of CA/Browser Forum. The first meeting was held in New York City. This was followed by a meeting in November 2005 inKanata, Ontario, and a meeting in December, 2005, inScottsdale,Arizona with the main objective to enable secure connections between users and websites.
In addition to CA/Browser Forum members, representatives of theInformation Security Committee of theAmerican Bar Association Section of Science & Technology, Law and theCanadian Institute of Chartered Accountants participated in developing the standards for issuing and managing Extended Validation SSL/TLS certificates. Version 1.0 of the EV Guidelines was adopted on 7 June 2007.[3]
In November 2011, the CA/Browser Forum adopted version 1.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates" intended to provide minimum security standards for all browser-trusted SSL/TLS certificates. Subsequent versions expanded the Baseline Requirements to directly incorporate requirements from browser root store policy programs such as those of Mozilla and Microsoft.
In January 2013 the CA/Browser Forum's first "Network and Certificate System Security Requirements" took effect defining best practices for the general protection of CA networks and supporting systems.
In February 2013 a new industry group, theCertificate Authority Security Council (CASC), was formed with a mission that includes promoting CA/Browser Forum standards. Membership requires adherence to CA/Browser Forum standards.[4] The CASC's founding members consisted Comodo CA (now Sectigo),Symantec (now DigiCert),[5]Trend Micro (now Entrust),DigiCert,Entrust,[6]GlobalSign[7] andGoDaddy.[8][9][10][11][12]
In August 2020, theS/MIME Certificate Working Group[13] was chartered to create a baseline requirement applicable to CAs that issue S/MIME certificates used to sign, verify, encrypt, and decrypt email.
In September 2020, the CA/Browser Forum adopted version 2.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted Code Signing Certificates", which had previously been maintained outside the group.
In January 2023, the CA/Browser Forum adopted version 1.0 of the "Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates", It defined four types of S/MIME certificate standards. Mailbox-validated, Organization-validated, Sponsor-validated and Individual-validated.[14]
CAs approved for EV in Microsoft IE7