Ballot 151 – Addition of Optional OIDs for Indicating Level of Validation

Overview

• Ballot 151 proposes adding optional OIDs to indicate levels of validation in the Baseline Requirements and EV Guidelines.
• The motion was proposed by Dean Coclin of Symantec and endorsed by Jeremy Rowley of Digicert and Kirk Hall of Trend Micro.

What the ballot changes

• Adds reserved Certificate Policy identifiers for use by CAs as an optional means of asserting compliance with the Baseline Requirements:
  • 2.23.140.1.2.1 for domain-validated certificates
  • 2.23.140.1.2.2 for organization-validated certificates
  • 2.23.140.1.2.3 for individual-validated certificates
• Defines when each of those policy identifiers may be used based on whether Subject Identity Information is verified under the relevant Baseline Requirements sections.
• Sets subject field restrictions and required subject attributes for certificates asserting each policy identifier.
• Revises the EV Guidelines to define EV OID and to require each EV Certificate to contain a qualifying policy identifier.
• Identifies 2.23.140.1.1 as the CA/Browser Forum EV policy identifier if the certificate complies with the EV Guidelines.
• States that if the ballot passes, the custodian of the Forum OIDs will be instructed to obtain the new OID for IV as indicated above.

Voting and result

• The review period was scheduled to run from 2015-09-14 22:00 UTC to 2015-09-21 22:00 UTC.
• The voting period was scheduled to run from 2015-09-21 22:00 UTC to 2015-09-28 22:00 UTC.
• The ballot page states that it closed on September 28th 2015.
• The Chair received 22 CA votes: 19 in favor, 0 against, 3 abstentions.
• The Chair received 3 browser votes: 2 in favor, 0 against, 1 abstention.
• The page explicitly states that the ballot passes.