Ballot SMC016: Equivalence with Ballots SC096 and SC097
S/MIME Certificate Working Group
Key dates
- Effective date
- 15 Sep 2026 2 months from now
- Voting opened
- 25 Mar 2026 2 months ago
- Voting closed
- 01 Apr 2026 2 months ago
- IPR review ends
- 01 May 2026 1 month ago
- Discussion opened
- 17 Mar 2026 3 months ago
- Discussion closed
- 25 Mar 2026 2 months ago
Resources
AI Summary
Result and adoption
- The ballot SMC016 (Equivalence with Ballots SC096 and SC097) is marked as adopted.
- The page states that no IPR Exclusion Notices were filed.
- The ballot is adopted as of May 5, 2026.
- Voting results state the ballot has PASSED.
What the ballot changes (S/MIME Baseline Requirements)
- Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope.
- Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs.
- With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked.
- The proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as required by RFC 5019.
- Includes minor formatting corrections.
Timeline elements shown on the ballot page
- Discussion (at least 7 days): start time March 17, 2026 at 23:00 UTC; end time March 25, 2026 at 18:00 UTC.
- Voting for Approval: start time March 25, 2026 at 18:00 UTC; end time April 1, 2026 at 18:00 UTC.
- IPR review period: start of review period 2026-04-01 19:00:00 UTC; end of review period 2026-05-01 19:00:00 UTC.
- Adoption date stated on the page: May 5, 2026.
Effective requirement date stated in the supplied artifacts
- The S/MIME Baseline Requirements text includes phased requirements tied to September 15, 2026:
- Effective September 15, 2026 the CA SHALL NOT sign a certificate using a signature algorithm that incorporates SHA-1.
- Prior to September 15, 2026 the CA SHALL revoke any unexpired Subordinate CA Certificate whose signature algorithm incorporates SHA-1.
- Effective date
- 2026-09-15
- Voting opened
- 2026-03-25
- Voting closed
- 2026-04-01
- IPR review ends
- 2026-05-01
- Discussion opened
- 2026-03-17
- Discussion closed
- 2026-03-25
2026-09-15 — On or after September 15, 2026, the CA SHALL NOT sign a certificate using a signature algorithm that incorporates SHA-1. Applies to signing certificates using a signature algorithm that incorporates SHA-1 (CA signing behavior).
2026-09-15 — Prior to September 15, 2026, the CA SHALL revoke any unexpired Subordinate CA Certificate whose signature algorithm incorporates SHA-1. Applies to unexpired Subordinate CA Certificates whose signature algorithm incorporates SHA-1.
AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.
Vote result
Proposers
Stephen Davidson (DigiCert) and endorsed by Martijn Katerbarg (Sectigo) and Ben Wilson (Mozilla).
Excerpt
SearchHome » All CA/Browser Forum Posts » Ballot SMC016: Equivalence with Ballots SC096 and SC097Ballot SMC016: Equivalence with Ballots SC096 and SC097[Adopted] Ballot SMC016: Equivalence with Ballots SC096 and SC097The Intellectual Property Review (IPR) period for Ballot SMC016 (Equivalence with Ballots SC096 and SC097) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of May 5, 2026. The new S/MIME BR v.1.0.14 have been published to the CABF public website in accordance with the Bylaws: https://cabforum.org/uploads/CA-Browser-Forum-SMIMEBR-1.0.14.pdf