I have begun work on version 2.6 of the Root Store Policy by drafting some changes that are [I hope] uncontroversial. The diff can be viewed at https://github.com/mozilla/pkipolicy/compare/2.6
The changes I have already drafted are: - Require disclosure of email validation practices in CPS (Issue #114) - Require audit statements to be provided by the auditor in English (Issue #106) - Clarify ‘technically constrained’ language and update compliance date to match what has been communicated (Issue #111 and #91) - Update root inclusion criteria (Issue #118 and #104) - Add compliance date (Issue #117) - Minor bug fixes I will appreciate any feedback you have on these changes. I have also selected a set of proposed updates that I would like to discuss and fix in this version of the policy. The issues I selected are tagged with “2.6” on GitHub: https://github.com/mozilla/pkipolicy/issues If there are additional issues that I have not tagged but that you feel are important to address in this version of the policy, please speak up. As has been done in the past, I plan to post individual issues for discussion in small batches over the coming weeks. - Wayne _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
