Home » Resources » Object Registry

Object Registry

Object Registry of the CA / Browser Forum

The CA/Browser Forum node (assigned organization identifier) is: 2.23.140

{joint-iso-itu-t(2) international-organizations(23) ca-browser-forum(140)}

Here are the CA/B Forum-assigned Object Identifiers (OIDs):

certificate-policies(1)
extended-validation(1) — 2.23.140.1.1 (Certificate issued in compliance with the Extended Validation Guidelines)
baseline-requirements(2) — 2.23.140.1.2 (TLS Baseline Requirements)
domain-validated(1) — 2.23.140.1.2.1 (Certificate issued in compliance with the TLS Baseline Requirements – No entity identity asserted)
organization-validated(2) — 2.23.140.1.2.2 (Certificate issued in compliance with the TLS Baseline Requirements – Organization identity asserted)
individual-validated(3) — 2.23.140.1.2.3 (Certificate issued in compliance with the TLS Baseline Requirements – Individual identity asserted)
extended-validation-codesigning(3) — 2.23.140.1.3 (EV Code Signing Certificate issued in compliance with the Code Signing Baseline Requirements)
codesigning-requirements(4) codesigning(1) — 2.23.140.1.4.1 (Code Signing Certificate issued in compliance with the Code Signing Baseline Requirements)
codesigning-requirements(4) timestamping(2) — 2.23.140.1.4.2 (Timestamp Certificate issued in compliance with the Code Signing Baseline Requirements)
smime(5) — 2.23.140.1.5 (S/MIME Baseline Requirements)
mailbox-validated (1) legacy (1) — 2.23.140.1.5.1.1
mailbox-validated (1) multipurpose (2) — 2.23.140.1.5.1.2
mailbox-validated (1) strict (3) — 2.23.140.1.5.1.3
organization-validated (2) legacy (1) — 2.23.140.1.5.2.1
organization-validated (2) multipurpose (2) — 2.23.140.1.5.2.2
organization-validated (2) strict (3) — 2.23.140.1.5.2.3
sponsor-validated (3) legacy (1) — 2.23.140.1.5.3.1
sponsor-validated (3) multipurpose (2) — 2.23.140.1.5.3.2
sponsor-validated (3) strict (3) — 2.23.140.1.5.3.3
individual-validated (4) legacy (1) — 2.23.140.1.5.4.1
individual-validated (4) multipurpose (2) — 2.23.140.1.5.4.2
individual-validated (4) strict (3) — 2.23.140.1.5.4.3
onion-EV(31) — 2.23.140.1.31 (TOR Service Descriptor OID for EV TLS certificates for .onion)
certificate-extensions(2)
test-certificate(1) — 2.23.140.2.1 (Test certificate) Deprecated
certificate-extensions(3)
cabforganization-identifier(1) — 2.23.140.3.1 (CA/Browser Forum Organization Identifier Field used in EV)
cabf-caSigningNonce(41) - 2.23.140.41 (CA signing nonce attribute that contains a Random Value that is generated by the CA used for verifying Applicant’s control over a .onion service)
cabf-applicantSigningNonce(42) - 2.23.140.42 (Applicant signing nonce attribute that contains a single value with at least 64-bits of entropy that is generated by the Applicant used during the verification of Applicant’s control over a .onion service)

Latest releases

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35