All,
In section 2.2 of version 1.3 of the CA/Browser Forum's Baseline
Requirements, it says:
"The disclosures MUST include all the material required by RFC 2527 or
RFC 3647, and MUST be structured in accordance with either RFC 2527 or
RFC 3647."
Some government CAs are bound by local e-signature laws that include a
guideline for the structure of the CPS, which is not in line with RFC 3647.
Would it be reasonable to allow an exception to this rule (structure CPS
according to RFC 36437)for government (non-commercial) CAs that are
bound by local law to use a different structure for their CPS?
Would such an exception require that the the CA hierarchy be bound to
certain TLDs (e.g. country-specific, .gov)?
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
