Tim Callan, chief compliance officer at Sectigo, elected as new vice chair
Sectigo, a global leader in digital certificates and automated Certificate Lifecycle Management (CLM), today announced its unrivalled leadership within the CA/Browser (CA/B) Forum, earning the election of five chair positions – the most seats of any CA/B Forum member. This includes the election of Tim Callan, Sectigo’s chief compliance officer, as the new vice chair. The Forum, established in 2005, is a voluntary group with elected leadership seats that sets standards and best practices for certificate validation, authentication, and revocation and helps its members address challenges related to securing digital certificates.
New officers will assume their chair positions on December 1, 2024, increasing Sectigo’s current count from four to five seats – the most of any organisation in the CA/B Forum. The increase in chair positions by Sectigo illustrates the company’s commitment to developing and upholding high-quality standards for digital certificates.
Sectigo will hold these offices in the CA/B Forum starting in December:
- CA/B Forum Vice Chair: Tim Callan, chief compliance officer, Sectigo
- Chairman, Code Signing Working Group: Martijn Katerbarg, senior compliance engineer, Sectigo
- Vice Chair, S/MIME Working Group: Martijn Katerbarg
- Vice Chair, Documentation and Guidelines Working Group: Tim Callan
- Co-Chair, Patent Advisory Working Group: Brian Holland, general counsel, Sectigo
Tim Callan steps into his additional new role as vice chair where he will aid the chair in facilitating and guiding Forum activity. A founding member of the CA/B Forum, Callan originally played a key role in the creation and roll out of Extended Validation SSL in the late 2000s. He has served as vice chair of the CA/B Forum’s Definitions and Guidelines Working Group since April 2024.
“Since its founding in the mid 2000s, the CA/Browser Forum has existed to encourage predictably high-quality standards for public digital certificates. As a purely voluntary organisation, it only works when members contribute their own time and effort to advance the entire WebPKI,” said Callan. “I am proud of Sectigo’s ongoing commitment to the Forum, and I am honoured to be selected by the Forum’s group of high-minded technical experts to help keep it running smoothly and productively.”
This leadership handover occurs during a time of great transition for the WebPKI. Recent and anticipated updates to foundational elements of public certificates include:
- Shortening digital certificate lifespans, most notably the drive to reduce SSL certificates to 45-day maximum term
- Modernization of domain control validation, including Multi-perspective Issuance Corroboration (MPIC) and the deprecation of WHOIS as an email validation method
- Post-quantum cryptography (PQC)
- Reform of revocation rules for misissuance
Shortening certificate lifespans is a particularly meaningful trend. In just a few years SSL certificates have dropped from a three-year maximum term down to one, with a proposal in discussion to step down the maximum term for TLS from 398 days to as little as 45 days. Shorter certificate lifespans reduce the risk of cybercriminals exploiting outdated certificates, minimize exposure time for compromised certificates, improve crypto agility, and reduce gaps between domain control and certificate ownership.
“I expect big changes in our industry in the next two years,” added Callan. “It’s an exciting time to be part of the CA/Browser Forum, and I look forward to playing my part in bringing about these improvements and others.”
The CA/B Forum brings together a voluntary group of certificate authorities, like Sectigo, browser vendors like Apple, Google, Mozilla, and Microsoft, and major technology companies to establish guidelines for public TLS, Code Signing, and S/MIME certificates. The Forum updates guidelines and requirements regularly to help the WebPKI stay ahead of emerging threats, incorporate new technology, and improve the accuracy and reliability of processes. The Forum is globally recognized as the definitive authority on public digital certificates.
For more information about Sectigo’s role in preparing organizations for the shift to 45-day certificates, please visit: https://www.sectigo.com/45-day-ssl
About Sectigo
Sectigo is the most innovative provider of certificate lifecycle management (CLM), delivering comprehensive solutions that secure human and machine identities for the world’s largest brands. Sectigo’s automated, cloud-native CLM platform issues and manages digital certificates across all certificate authorities (CAs) to simplify and improve security protocols within the enterprise. Sectigo is one of the largest, longest standing, and most reputable CAs with more than 700,000 customers and two decades of delivering unparalleled digital trust. For more information, visit www.sectigo.com or follow us on LinkedIn.