← CABF Ballot Browser
CSC-32 passed

Ballot CSC-32: Make a Reserved Policy OID mandatory

Code Signing Certificate Working Group

Key dates

Effective date
15 Sep 2026 2 months from now
Voting opened
04 May 2026 1 month ago
Voting closed
11 May 2026 1 month ago
IPR review ends
10 Jun 2026 2 weeks ago
Discussion opened
27 Apr 2026 1 month ago
Discussion closed
04 May 2026 1 month ago

Resources

GitHub diff https://github.com/cabforum/code-signing/compare/89ca8c6ad215c77e7f1350d09c25c613a7bc0d75...e319130c26b64339cf21660e36f9d43e2a549726 https://github.com/cabforum/code-signing/compare/89ca8c6ad215c77e7f1350d09c25c613a7bc0d75...e319130c26b64339cf21660e36f9d43e2a549726
± Redline https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.11.0-redline.pdf https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.11.0-redline.pdf
Document https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.11.0.pdf https://cabforum.org/uploads/CA-Browser-Forum-CSCBR-3.11.0.pdf
Document https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf https://cabforum.org/wp-content/uploads/Template-for-Exclusion-Notice.pdf

AI Summary

Generated 2026-06-23 21:39 UTC

Ballot overview

  • Ballot: CSC-32: Make a Reserved Policy OID mandatory
  • Working group: Code Signing Certificate Working Group
  • Purpose: Update the Code Signing Baseline Requirements (from version 3.10) to modify requirements for Certificate policy object identifiers (OIDs) in Subscriber Certificates.
  • Goals stated on the ballot page:
    • Require inclusion of a Reserved Policy OID in the CertificatePolicies extension.
    • Make it optional to include other CA-defined Reserved Policy OID(s) in the CertificatePolicies extension.

Voting and adoption status

  • The ballot page states the voting period has completed and the ballot PASSED.
  • The ballot page states No IPR Exclusion Notices were filed.
  • The ballot is stated as adopted as of November 17, 2025.

Compliance / requirement date stated in the provided evidence

  • The provided GitHub compare text states:
    • Effective September 15, 2026 a Certificate issued to a Subscriber MUST contain exactly one of the reserved policy OIDs specified in Section 7.1.6.1 in the CertificatePolicies extension.
    • CAs complying with these Requirements MAY also assert one or more CA-defined policy identifier(s) in the CertificatePolicies extension indicating adherence to and compliance with these Requirements.

Procedure dates shown on the ballot page (discussion and voting)

  • Discussion start and end times are listed.
  • Voting start and end times are listed.
Model: gpt-5.4-nano Confidence: 0.86 Result: passed
Effective date
2026-09-15
Voting opened
2026-05-04
Voting closed
2026-05-11
IPR review ends
2026-06-10
Discussion opened
2026-04-27
Discussion closed
2026-05-04

AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.

Vote result

Certificate Issuers 7 yes 0 no 0 abstain
Certificate Consumers 1 yes 0 no 0 abstain

CABF ballot approval depends on both voting classes; CA votes alone are not decisive.

8 Yes
0 No
0 Abstain

100% yes · 0% no

Proposers

Adriano Santoni of Actalis and endorsed by Martijn Katerbarg of Sectigo and Corey Bonnell of DigiCert.

Excerpt

SearchHome » All CA/Browser Forum Posts » Ballot CSC-32: Make a Reserved Policy OID mandatoryBallot CSC-32: Make a Reserved Policy OID mandatoryThe Intellectual Property Review (IPR) period for Ballot CSC-32 (Ballot CSC-32: Make a Reserved Policy OID mandatory) has completed.

View on cabforum.org → Last fetched 15 hours ago

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action