On Mon, Apr 06, 2015 at 10:16:14AM +0100, Gervase Markham wrote: > On 04/04/15 04:20, Eugene wrote: > > According to the CA Baseline Requirements section 8.2.1, "The CA > > SHALL develop, implement, enforce, and **annually update** a > > Certificate Policy and/or Certification Practice Statement that > > describes in detail how the CA implements the latest version of these > > Requirements." > > > > But it seems that, among fifteen root and intermediate CAs that I > > have checked, four of them haven't updated their CP or CPS documents > > for more than one year. > > While I am keen on CAs following the BRs, and if the BRs say it they > should do it, I'd be interested to know if anyone knows _why_ this is a > requirement. If nothing has changed about the CA's CP or CPS, why is > there a need to change the date on it every year?
I think the point is that changes in the BR might require you to update it. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
