Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates Version 1.7.2 CA/Browser Forum 22 September, 2020 Copyright 2020 CA/Browser Forum This work is licensed under the Creative Commons Attribution 4.0 International license. Table of Contents 1. INTRODUCTION ................................................................................................................................................ 11 1.1 Overview ....................................................................................................................................................... 11 1.2 Document name and identification ................................................................................................... 11 1.2.1 Revisions .............................................................................................................................................. 12 1.2.2. Relevant Dates .................................................................................................................................. 15 1.3 PKI Participants ......................................................................................................................................... 17 1.3.1 Certification Authorities ................................................................................................................ 17 1.3.2 Registration Authorities ................................................................................................................ 17 1.3.3 Subscribers .......................................................................................................................................... 18 1.3.4 Relying Parties ................................................................................................................................... 18 1.3.5 Other Participants ............................................................................................................................ 18 1.4 Certificate Usage ........................................................................................................................................ 18 1.4.1 Appropriate Certificate Uses ....................................................................................................... 18 1.4.2 Prohibited Certificate Uses ........................................................................................................... 18 1.5 Policy administration .............................................................................................................................. 18 1.5.1 Organization Administering the Document .......................................................................... 19 1.5.2 Contact Person ................................................................................................................................... 19 1.5.3 Person Determining CPS suitability for the policy ............................................................. 19 1.5.4 CPS approval procedures .............................................................................................................. 19 1.6 Definitions and Acronyms ..................................................................................................................... 19 1.6.1 Definitions ........................................................................................................................................... 19 1.6.2 Acronyms ............................................................................................................................................. 26 1.6.3 References ........................................................................................................................................... 27 1.6.4 Conventions ........................................................................................................................................ 29 2. PUBLICATION AND REPOSITORY RESPONSIBILITIES .................................................................... 30 2.1 Repositories ................................................................................................................................................. 30 2.2 Publication of information .................................................................................................................... 30 2.3 Time or frequency of publication ....................................................................................................... 30 2.4 Access controls on repositories .......................................................................................................... 31 3. IDENTIFICATION AND AUTHENTICATION ........................................................................................... 32 3.1 Naming ........................................................................................................................................................... 32 3.1.1 Types of names .................................................................................................................................. 32 3.1.2 Need for names to be meaningful .............................................................................................. 32 pg. 2 3.1.3 Anonymity or pseudonymity of subscribers ........................................................................ 32 3.1.4 Rules for interpreting various name forms ........................................................................... 32 3.1.5 Uniqueness of names ...................................................................................................................... 32 3.1.6 Recognition, authentication, and role of trademarks ....................................................... 32 3.2 Initial identity validation ....................................................................................................................... 32 3.2.1 Method to prove possession of private key .......................................................................... 32 3.2.2 Authentication of Organization and Domain Identity ...................................................... 32 3.2.3 Authentication of individual identity ....................................................................................... 45 3.2.4 Non-verified subscriber information ....................................................................................... 45 3.2.5 Validation of authority ................................................................................................................... 45 3.2.6 Criteria for Interoperation or Certification ........................................................................... 46 3.3 Identification and authentication for re-key requests .............................................................. 46 3.3.1 Identification and authentication for routine re-key ........................................................ 46 3.3.2 Identification and authentication for re-key after revocation ...................................... 46 3.4 Identification and authentication for revocation request ....................................................... 46 4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS ....................................................... 47 4.1 Certificate Application ............................................................................................................................ 47 4.1.1 Who can submit a certificate application ............................................................................... 47 4.1.2 Enrollment process and responsibilities ............................................................................... 47 4.2 Certificate application processing ..................................................................................................... 47 4.2.1 Performing identification and authentication functions ................................................. 47 4.2.2 Approval or rejection of certificate applications ................................................................ 48 4.2.3 Time to process certificate applications ................................................................................. 48 4.3 Certificate issuance .................................................................................................................................. 48 4.3.1 CA actions during certificate issuance ..................................................................................... 48 4.3.2 Notification to subscriber by the CA of issuance of certificate ..................................... 48 4.4 Certificate acceptance ............................................................................................................................. 49 4.4.1 Conduct constituting certificate acceptance ......................................................................... 49 4.4.2 Publication of the certificate by the CA ................................................................................... 49 4.4.3 Notification of certificate issuance by the CA to other entities .................................... 49 4.5 Key pair and certificate usage.............................................................................................................. 49 4.5.1 Subscriber private key and certificate usage ....................................................................... 49 4.5.2 Relying party public key and certificate usage .................................................................... 49 4.6 Certificate renewal ..................................................................................................................................