Skip to content

SC-XXX: Availability of URI in Certificates #650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
srdavidson wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

SC-XXX: Availability of URI in Certificates #650

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a05f15e
2.1 edit
srdavidson Jan 26, 2026
e5ec2d4
2.4 edits
srdavidson Jan 26, 2026
645f9aa
Revision table
srdavidson Jan 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions docs/BR.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
---
title: Baseline Requirements for the Issuance and Management of Publicly-Trusted TLS Server Certificates

subtitle: Version 2.2.2
subtitle: Version 2.2.X
author:
- CA/Browser Forum

date: 12-January-2026
date: XX-XX-2026

copyright: |
Copyright 2026 CA/Browser Forum
Expand Down Expand Up @@ -157,6 +157,7 @@ The following Certificate Policy identifiers are reserved for use by CAs to asse
| 2.2.1 | SC091 | Sunset 3.2.2.5.3 Reverse Address Lookup Validation, | 2025-11-13 | 2025-12-16 |
| 2.2.1 | SC091 | new DNS-based validation using Persistent DCV TXT Record for IP addresses | 2025-11-13 | 2025-12-16 |
| 2.2.2 | SC090 | Gradually sunset remaining email-based, phone-based, and 'crossover' validation methods | 2025-11-20 | 2026-01-12 |
| 2.2.X | SC0XX | Certificate URI availability | TBD | TBD |

\* Effective Date and Additionally Relevant Compliance Date(s)

Expand Down Expand Up @@ -679,7 +680,7 @@ The CA SHALL develop, implement, enforce, and at least once every 366 days updat

## 2.1 Repositories

The CA SHALL make revocation information for Subordinate Certificates and Subscriber Certificates available in accordance with this Policy.
The CA SHALL make resources specified in `uniformResourceIdentifier`s included in Certificates, as well as revocation information for Subordinate Certificates and Subscriber Certificates, available in accordance with this Policy.

## 2.2 Publication of information

Expand All @@ -703,7 +704,7 @@ The CA SHALL develop, implement, enforce, and annually update a Certificate Poli

## 2.4 Access controls on repositories

The CA shall make its Repository publicly available in a read-only manner.
The CA SHALL make its Repository publicly available in a read-only manner. The CA MAY limit access to its Repository in accordance with its Risk Assessment.

# 3. IDENTIFICATION AND AUTHENTICATION

Expand Down