On Monday, November 7, 2016 at 4:38:53 PM UTC-8, Santhan Raj wrote: > May be I'm missing it, but I don't see 8.7 (or at least the lines quoted > above) requiring TCSC to be compliant with BR. I read it as TCSCs must adhere > to the Issuing CA's CP and their own (TCSC's) CPS, adhereance towards which > should be verified by the Issuing CAs, however it doesn't (explicitly) state > TCSC compliance towards BR.
Section 8 requires it. Section 8.1 does not eliminate the requirement to compliance with Section 8, merely, it limits the auditing of compliance to that defined in Section 8.7 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
