CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 33- Subject Attribute Requirements

Ballot 33- Subject Attribute Requirements

Ballot 33- Subject Attribute Requirements (Passed Unanimously)

Motion

Steve Roylance made the following motion, and Johnathan Nightingale and Jay Schiavo endorsed it:

Motion begins

The Guidelines should be amended by the following erratum.

Erratum begins

Delete the following paragraph from Section 6.

  1. EV Certificate Content Requirements This section sets forth minimum requirements for the content of the EV Certificate as they relate to the identity of the CA and the Subject of the EV Certificate.

Insert the following paragraph:

  1. EV Certificate Content Requirements This section sets forth minimum requirements for the content of the EV Certificate as they relate to the identity of the CA and the Subject of the EV Certificate. Optional data fields within the subject DN should contain either information verified by the CA or be left empty. Meta data such as ‘.’, ‘-‘ and ‘ ‘ characters and or any other indication that the field is not applicable should not be used.

Delete the following paragraph from Section 6(a)(4).

Contents These fields MUST contain information only at and above the level of the Incorporating Agency or Registration Agency – e.g., the Jurisdiction of Incorporation for an Incorporating Agency or Jurisdiction of Registration for a Registration Agency at the country level would include country information but not state or province or locality information; the Jurisdiction of Incorporation for the applicable Incorporating Agency or Registration Agency at the state or province level would include both country and state or province information, but not locality information; and so forth. Country information MUST be specified using the applicable ISO country code. State or province information, and locality information (where applicable), for the Subject’s Jurisdiction of Incorporation or Registration MUST be specified using the full name of the applicable jurisdiction.

Insert the following paragraph:

Contents These fields MUST contain information only relevant to the level of the Incorporating Agency or Registration Agency – e.g., the Jurisdiction of Incorporation for an Incorporating Agency or Jurisdiction of Registration for a Registration Agency at the country level would include country information but not state or province or locality information; the Jurisdiction of Incorporation for the applicable Incorporating Agency or Registration Agency at the state or province level would include both country and state or province information, but not locality information ; the Jurisdiction of Incorporation for the applicable Incorporating Agency or Registration Agency at locality level would include country and also state or province information where the state or province regulates the registration of the entities at the locality level. Country information MUST be specified using the applicable ISO country code. State or province or locality information (where applicable), for the Subject’s Jurisdiction of Incorporation or Registration MUST be specified using the full name of the applicable jurisdiction.

Delete the following paragraph from the Definitions Section.

  1. Jurisdiction of Incorporation: In the case of a Private Organization, the country and (where applicable) the state or province where the organization’s legal existence was established by a filing with (or an act of) an appropriate government agency or entity (e.g., where it was incorporated). In the case of a Government Entity, the country and (where applicable) the state or province where the Entity’s legal existence was created by law.

Insert the following paragraph:

  1. Jurisdiction of Incorporation: In the case of a Private Organization, the country and (where applicable) the state or province or locality where the organization’s legal existence was established by a filing with (or an act of) an appropriate government agency or entity (e.g., where it was incorporated). In the case of a Government Entity, the country and (where applicable) the state or province where the Entity’s legal existence was created by law.

Erratum ends

Motion ends

The ballot review period comes into effect at 2100 UTC on 21 July 09 and will close at 2100 UTC on 28 July 2009. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 2100 UTC on 4th August 2009.

Votes must be cast by ‘reply all’ to this email.

A vote in favour of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted.

Latest releases
Server Certificate Requirements
SC095v3: Clean-up 2025 - Apr 2, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.13 - Ballot SMC015v2 - Mar 28, 2026

This ballot introduces requirements that a CA or RA must follow to rely upon a Mobile Drivers License (mDL) to provide evidence for the authentication of individual identity. It allows the use of mDL that conform to ISO/IEC 18013-5 and which may be verified by the CA or RA in conformance with ISO/IEC 18013-7. The CA or RA shall only accept mDL from an Issuing Authority that is legally authorized by the relevant government or jurisdiction to issue driving licenses. The draft also aligns the subsections of 3.2.4.2 (Validation of individual identity) to correspond more closely with those in 3.2.4.1 (Attribute collection of individual identity). It also includes minor editorial corrections. SMC015v2 was updated to remove an additional reference to the superceded ETSI EN 319 403. This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Ben Wilson (Mozilla) and Scott Rea (eMudhra).

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Related posts
Tags
Ballot Server Certificates
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).