Blog Post Apr 14, 2025

From Tokyo with trust: Sectigo’s POV on the March 2025 CA/Browser Forum Face to Face

Sectigo joined industry leaders in Tokyo for the March 2025 CA/Browser Forum Face to Face meeting, where experts discussed major updates shaping the future of digital trust. Key topics included the 47-day certificate lifespan ballot, Open MPIC implementation, and legal challenges like temporary restraining orders. Sectigo’s contributions reflect its role in advancing secure, resilient online infrastructure.

1. Introduction

2. Major topics on the agenda

3. Final reflections

Our Sectigo team members travelled to Tokyo, Japan for the CA/Browser Forum’s March Face to Face meeting to discuss the latest updates with other leaders in the industry.

Introduction

Every few months, the world’s most influential certificate authorities, browser makers, and industry experts gather under the CA/Browser Forum banner to shape the future of digital trust. In March 2025, the Forum met face to face in Tokyo, and Sectigo was proud to be there. CA/Browser Vice Chairman and Sectigo Chief Compliance Officer Tim Callan, Code Signing Working Group Chair Martijn Katerbarg, Sectigo General Counsel Brian Holland, and Sectigo Principal Architect Dmitry Sharkov all had the chance to present topics at the meeting.

The CA/Browser Forum plays a pivotal role in setting the standards that keep the internet secure, from TLS and S/MIME to code signing and emerging technologies. These meetings are more than procedural check-ins; they’re critical opportunities for collaboration, innovation, and progress. Meeting in person in Tokyo allowed for deeper technical dialogue, richer exchanges of ideas, and renewed energy across the ecosystem.

Major topics on the agenda

From pressing policy updates to forward-looking technical initiatives, the discussions spanned a wide range of subjects that impact certificate authorities (CA), browser vendors, and relying parties alike. Below are some of the topics that shaped the conversation in Tokyo, each one highlighting where the industry is headed and the critical work being done to anticipate emerging threats, streamline operations, and reinforce trust online.

1. The SC-081 Ballot – AKA, the 47-day lifespan ballot

At the March 2025 CA/Browser Forum meeting, one of the agenda items was the Ballot SC-081—commonly known as the 47-day lifespan ballot, which proposes shortening the validity period of SSL/TLS certificates to 47 days over the course of the next 4 years. While no major updates or resolutions were made during the meeting, the topic continued to capture the attention of Forum participants.

As of April 11, this ballot subsequently passed. This is the latest step in the move to shorter certificate lifespans, aligning with broader industry trends toward increasing security and reducing risks associated with long-lived certificates.

2. Open MPIC Project

Another valuable discussion of the Face-to-Face was around Open MPIC, an open-source initiative designed to help Certificate Authorities (CAs) mitigate DNS-based attacks during domain validation. Open MPIC (Multi-Perspective Issuance Correlation) provides an open-source solution for CAs looking to test and implement MPIC and provides a framework that allows CAs to verify DNS records from multiple global vantage points, reducing the risk of localized DNS spoofing or cache poisoning attacks that could otherwise lead to certificate mis-issuance. By correlating DNS responses from different resolvers, Open MPIC strengthens the integrity of the validation process, offering a scalable, privacy-preserving way for CAs to enhance trust and improve security in the public key infrastructure ecosystem.

Lead Architect on Open MPIC and Sectigo Principal Architect, Dmitry Sharkov presented Open MPIC to the Forum. As of March 15, the CA/Browser Forum requires monitoring-only mode of MPIC for the issuance of publicly trusted web PKI certificates, and as of September 15, 2025, CAs will have to halt issuance based on failed MPIC check results. Open MPIC allows for the collaboration of experts and CAs to mitigate global risks and improve the security of web browsers.

3. Temporary restraining orders

Brian Holland also presented, addressing the use of temporary restraining orders (TROs) and their implications for CAs. In 2024 a certificate Subscriber prevented a CA from carrying out a Baseline Requirements (BR)-mandated revocation event through a court-issued TRO, raising concerns about how legal actions can disrupt compliance with industry standards.

This incident highlighted a potential vulnerability where judicial intervention - outside the oversight of technical communities - can create roadblocks for critical security processes. This kicked off a CA/Browser Forum initiative to examine how the industry can protect critical security and compliance controls against improper legal interference and what preventive steps are available. The CA/Browser Forum is exploring how it can support CAs in navigating such legal challenges, while encouraging individual CAs to establish internal protocols and legal readiness plans to help preserve mandated rules.

Final reflections

The March 2025 CA/B Forum Face to Face was a reminder of the power of collaboration in cybersecurity. While the internet is built on code, infrastructure, and cryptographic protocols, trust is ultimately a human endeavor. Being in the room together to share knowledge, challenge assumptions, and build consensus, is what makes these standards work.

For Sectigo, this trip to Japan reinforced our commitment to leadership in this space. We don’t just follow standards, we help shape them. We’re grateful to our peers across the CA/Browser Forum and look forward to continued progress at the next meeting.

Until then, it’s back to work, delivering digital trust solutions that meet the world’s evolving needs.