From 2bb8beb0d74eb099bd2cde91542cbb183026529e Mon Sep 17 00:00:00 2001 From: Adriano Santoni Date: Thu, 19 Feb 2026 09:16:25 +0100 Subject: [PATCH 1/3] Modified 7.1.6.4 according to https://github.com/cabforum/code-signing/issues/45 Modified 7.1.6.4 according to https://github.com/cabforum/code-signing/issues/45 --- docs/CSBR.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/CSBR.md b/docs/CSBR.md index 2a2bf87..d8d3de2 100644 --- a/docs/CSBR.md +++ b/docs/CSBR.md @@ -2459,7 +2459,8 @@ A Subordinate CA MUST represent, in its Certificate Policy and/or Certification #### 7.1.6.4 Subscriber Certificates -A Certificate issued to a Subscriber MUST contain one or more policy identifier(s), defined by the CA, in the Certificate's certificatePolicies extension that indicates adherence to and compliance with these Requirements. CAs complying with these Requirements MAY also assert the reserved policy OIDs in such Certificates. +A Certificate issued to a Subscriber MUST contain exactly one of the reserved policy OIDs specified in Section 7.1.6.1 in the Certificate's CertificatePolicies extension. +CAs complying with these Requirements MAY also assert or more policy identifier(s), defined by the CA, in the Certificate's CertificatePolicies extension, that indicates adherence to and compliance with these Requirements. The CA MUST document in its Certificate Policy or Certification Practice Statement that the Certificates it issues containing the specified policy identifier(s) are managed in accordance with these Requirements. @@ -3036,3 +3037,4 @@ jurisdictionCountryName ATTRIBUTE ::= { END ``` + From 58311376b17b380eb13075ee826a302878cc58ba Mon Sep 17 00:00:00 2001 From: Adriano Santoni Date: Thu, 9 Apr 2026 12:07:54 +0200 Subject: [PATCH 2/3] Inserted effective date --- docs/CSBR.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/CSBR.md b/docs/CSBR.md index d8d3de2..47351db 100644 --- a/docs/CSBR.md +++ b/docs/CSBR.md @@ -2459,7 +2459,8 @@ A Subordinate CA MUST represent, in its Certificate Policy and/or Certification #### 7.1.6.4 Subscriber Certificates -A Certificate issued to a Subscriber MUST contain exactly one of the reserved policy OIDs specified in Section 7.1.6.1 in the Certificate's CertificatePolicies extension. +Effective September 15, 2026 a Certificate issued to a Subscriber MUST contain exactly one of the reserved policy OIDs specified in Section 7.1.6.1 in the Certificate's CertificatePolicies extension. + CAs complying with these Requirements MAY also assert or more policy identifier(s), defined by the CA, in the Certificate's CertificatePolicies extension, that indicates adherence to and compliance with these Requirements. The CA MUST document in its Certificate Policy or Certification Practice Statement that the Certificates it issues containing the specified policy identifier(s) are managed in accordance with these Requirements. From e319130c26b64339cf21660e36f9d43e2a549726 Mon Sep 17 00:00:00 2001 From: Adriano Santoni Date: Thu, 9 Apr 2026 12:10:13 +0200 Subject: [PATCH 3/3] Fixed typo --- docs/CSBR.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CSBR.md b/docs/CSBR.md index 47351db..a97aecf 100644 --- a/docs/CSBR.md +++ b/docs/CSBR.md @@ -2461,7 +2461,7 @@ A Subordinate CA MUST represent, in its Certificate Policy and/or Certification Effective September 15, 2026 a Certificate issued to a Subscriber MUST contain exactly one of the reserved policy OIDs specified in Section 7.1.6.1 in the Certificate's CertificatePolicies extension. -CAs complying with these Requirements MAY also assert or more policy identifier(s), defined by the CA, in the Certificate's CertificatePolicies extension, that indicates adherence to and compliance with these Requirements. +CAs complying with these Requirements MAY also assert one or more policy identifier(s), defined by the CA, in the Certificate's CertificatePolicies extension, that indicates adherence to and compliance with these Requirements. The CA MUST document in its Certificate Policy or Certification Practice Statement that the Certificates it issues containing the specified policy identifier(s) are managed in accordance with these Requirements.