← CABF Ballot Browser
Ballot-97 passed

Ballot 97 – Prevention of Unknown Certificate Contents

Server Certificate Working Group

Key dates

Effective date
21 Feb 2013 13 years ago
Voting opened
14 Feb 2013 13 years ago
Voting closed
21 Feb 2013 13 years ago
Discussion opened
07 Feb 2013 13 years ago
Discussion closed
14 Feb 2013 13 years ago

AI Summary

Generated 2026-06-23 21:36 UTC

Ballot overview

  • Ballot 97, Prevention of Unknown Certificate Contents, is marked as Passed on the ballot page.
  • The motion was made by Jeremy Rowley and endorsed by Ryan Hurst and Robin Alden.
  • The ballot adds requirements to Section 10.2.3 and Appendix B of the Baseline Requirements.

What the ballot changes

  • Section 10.2.3: the CA must establish and follow a documented procedure for verifying all data requested for inclusion in the Certificate by the Applicant.
  • Appendix B: adds paragraph numbers for Root CA Certificate, Subordinate CA Certificate, and Subscriber Certificate headings.
  • Appendix B: removes repeated text stating that all other fields and extensions MUST be set in accordance with RFC 5280.
  • Appendix B: adds a new All Certificates paragraph stating that all other fields and extensions MUST be set in accordance with RFC 5280.
  • Appendix B: prohibits issuing a Certificate containing keyUsage flags, extendedKeyUsage values, Certificate extensions, or other data not specified in Appendix B unless the CA is aware of a reason for including the data.
  • Appendix B: prohibits certificates with extensions that do not apply in the context of the public Internet unless the Applicant demonstrates ownership of the relevant OID arc or otherwise demonstrates the right to assert the data in a public context.
  • Appendix B: prohibits certificates with semantics that would mislead a Relying Party about certificate information verified by the CA.

Timing stated on the page

  • The review period was to commence at 21:00 UTC on 7 February 2013 and close at 21:00 UTC on 14 February 2013.
  • Unless withdrawn during review, the voting period would start immediately thereafter and close at 21:00 UTC on 21 February 2013.

Compliance timing

  • The evidence does not provide a separate effective date for implementation beyond the ballot timing language.
  • The ballot text states the review and voting schedule, but no explicit compliance date is given in the supplied evidence.
Model: gpt-5.4-mini Confidence: 0.95 Result: passed
Voting opened
2013-02-14
Voting closed
2013-02-21
Discussion opened
2013-02-07
Discussion closed
2013-02-14

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot 97 – Prevention of Unknown Certificate ContentsBallot 97 – Prevention of Unknown Certificate ContentsBallot 97 – Prevention of Unknown Certificate Contents (Passed)

View on cabforum.org → Last fetched 16 hours ago

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action