CA/Browser Forum Governance Reform

Friday May 18, 2018

In March 2016, the CA/Browser Forum formed a working group to review potential ways to restructure the forum. The primary goal was to examine ideas so the Forum could work on other types of standards besides TLS. Ben Wilson and I chaired this group with excellent participation from a cross functional team of browser and certificate authority representatives as well as interested parties. After 2 years of efforts, the working group produced Ballot 206 which passed in April 2017. This created new bylaws which will go into effect on July 3, 2018.

With the passing of the ballot, there exists the opportunity to create new working groups which could address other types of certificates such as code signing, client authentication, S/MIME or document signing.  Before this can happen, all members, associate members and interested parties must sign the revised Intellectual Property Rights (IPR) agreement by July 2, 2018 or they will no longer be able to participate in the Forum.

Why is this important? Mostly the same companies and individuals who work on TLS certificate standards are also involved in other types of certificates. It makes sense to have meetings governed by the same rules and IPR policy with these organizations present. It also opens the door to other types of companies that are neither browsers or certificate authorities. For example, if a provider of email software wanted to be involved in the development of S/MIME standards, they would be able to join as full members, with associated voting rights.

The first group to be formed will be for Code Signing. A charter has already been drafted and will be voted on by the membership soon. I expect S/MIME to come up next. As these new groups are formed, notices will be publicized in an attempt to attract a diverse group of members to the working groups who will have an influence on the standards being produced.

This group has accomplished something noteworthy. For the first time in the history of the Forum, non CAs and browsers will have full participation and voting rights.  I would like to recognize the significant effort put forth by the members – especially Virginia Fournier of Apple, whose experience from other standards organizations helped drive many of the changes to the bylaws to conclusion.

This article was originally published by the "CA Security Council". In 2021 the CASC was restructred and renamed to the "Public Key Infrastructure Consortium" shortly "PKI Consortium".

Learn more about the PKI Consortium
Participate in our community discussions and/or join the consortium