CA/Browser Forum
Home » Resources » Object Registry

Object Registry

Object Registry of the CA / Browser Forum

The CA/Browser Forum node (assigned organization identifier) is: 2.23.140

{joint-iso-itu-t(2) international-organizations(23) ca-browser-forum(140)}

Here are the CA/B Forum-assigned Object Identifiers (OIDs):

  • certificate-policies(1)
  • extended-validation(1) — 2.23.140.1.1  (Certificate issued in compliance with the Extended Validation Guidelines)
  • baseline-requirements(2) — 2.23.140.1.2 (TLS Baseline Requirements)
  • domain-validated(1) — 2.23.140.1.2.1 (Certificate issued in compliance with the TLS Baseline Requirements – No entity identity asserted)
  • organization-validated(2) — 2.23.140.1.2.2 (Certificate issued in compliance with the TLS Baseline Requirements – Organization identity asserted)
  • individual-validated(3) — 2.23.140.1.2.3 (Certificate issued in compliance with the TLS Baseline Requirements – Individual identity asserted)
  • extended-validation-codesigning(3) — 2.23.140.1.3 (EV Code Signing Certificate issued in compliance with the Code Signing Baseline Requirements)
  • codesigning-requirements(4) codesigning(1) — 2.23.140.1.4.1 (Code Signing Certificate issued in compliance with the Code Signing Baseline Requirements)
  • codesigning-requirements(4) timestamping(2) — 2.23.140.1.4.2 (Timestamp Certificate issued in compliance with the Code Signing Baseline Requirements)
  • smime(5) — 2.23.140.1.5 (S/MIME Baseline Requirements)
  • mailbox-validated (1) legacy (1) — 2.23.140.1.5.1.1
  • mailbox-validated (1) multipurpose (2) — 2.23.140.1.5.1.2
  • mailbox-validated (1) strict (3) — 2.23.140.1.5.1.3
  • organization-validated (2) legacy (1) — 2.23.140.1.5.2.1
  • organization-validated (2) multipurpose (2) — 2.23.140.1.5.2.2
  • organization-validated (2) strict (3) — 2.23.140.1.5.2.3
  • sponsor-validated (3) legacy (1) — 2.23.140.1.5.3.1
  • sponsor-validated (3) multipurpose (2) — 2.23.140.1.5.3.2
  • sponsor-validated (3) strict (3) — 2.23.140.1.5.3.3
  • individual-validated (4) legacy (1) — 2.23.140.1.5.4.1
  • individual-validated (4) multipurpose (2) — 2.23.140.1.5.4.2
  • individual-validated (4) strict (3) — 2.23.140.1.5.4.3
  • onion-EV(31) — 2.23.140.1.31 (TOR Service Descriptor OID for EV TLS certificates for .onion)
  • certificate-extensions(2)
  • test-certificate(1) — 2.23.140.2.1 (Test certificate) Deprecated
  • certificate-extensions(3)
  • cabforganization-identifier(1) — 2.23.140.3.1 (CA/Browser Forum Organization Identifier Field used in EV)
  • cabf-caSigningNonce(41) - 2.23.140.41 (CA signing nonce attribute that contains a Random Value that is generated by the CA used for verifying Applicant’s control over a .onion service)
  • cabf-applicantSigningNonce(42) - 2.23.140.42 (Applicant signing nonce attribute that contains a single value with at least 64-bits of entropy that is generated by the Applicant used during the verification of Applicant’s control over a .onion service)
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).