Re: What does "No Stipulation" mean, and when is it OK to use it in CP/CPS?

Wed, 24 Oct 2018 06:44:08 -0700 

On 24/10/2018 00:08, Tim Hollebeek wrote:

I agree with you, but December 31 is a particularly horrible compliance 
deadline.  Perhaps January 31?



Note that the requirement applies only to CP/CPS dated after that date.
So it is really Dec 31 + the time until the CP/CPS is updated for some
other reason.  This is different than many other policy requirements,
and a welcome reduction in administrative overhead for all concerned
(including root programs and relying parties).

For example, it a CA updated their CP/CPS in August 2018 to comply with
new BRs, and again in May 2019 due to annual review, they need not
comply until May 2019.




-----Original Message-----
From: dev-security-policy <[email protected]> On
Behalf Of Wayne Thayer via dev-security-policy
Sent: Monday, October 22, 2018 6:00 PM
To: Kathleen Wilson <[email protected]>
Cc: mozilla-dev-security-policy <[email protected]>
Subject: Re: What does "No Stipulation" mean, and when is it OK to use it in
CP/CPS?

Having given this some more thought, I suggest the following changes:

...

* Finally, I think we need some effective date for these as required practices.
One approach would be to require compliance for any CP/CPS dated after Dec
31, 2018.

- Wayne

On Tue, Oct 23, 2018 at 2:25 AM Kathleen Wilson via dev-security-policy <
[email protected]> wrote:


I have updated the section as follows:
- Removed the sentence that was trying to limit the use of "No
Stipulation". Hopefully the clarification about what these words mean
is sufficient.
- Added bullet points
- Added "Sections MUST not be left blank. ..."




https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CP.2FCPS

_Structured_According_to_RFC_3647


I continue to appreciate your feedback on this new section.




Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
              • Re:... Kathleen Wilson via dev-security-policy
              • Re:... Matt Palmer via dev-security-policy
            • Re: Wha... Jakob Bohm via dev-security-policy
              • Re:... Joanna Fox via dev-security-policy
              • RE:... Tim Hollebeek via dev-security-policy
              • Re:... Ryan Sleevi via dev-security-policy
              • Re:... Kathleen Wilson via dev-security-policy
              • Re:... Wayne Thayer via dev-security-policy
              • Re:... Kathleen Wilson via dev-security-policy
              • RE:... Tim Hollebeek via dev-security-policy
              • Re:... Jakob Bohm via dev-security-policy
              • RE:... Tim Hollebeek via dev-security-policy
              • Re:... Wayne Thayer via dev-security-policy
              • Re:... Joanna Fox via dev-security-policy
              • Re:... Wayne Thayer via dev-security-policy
              • Re:... Jakob Bohm via dev-security-policy
              • Re:... Ryan Sleevi via dev-security-policy
              • Re:... Jakob Bohm via dev-security-policy
              • Re:... Wayne Thayer via dev-security-policy
  • RE: What does "No Stipul... Brown, Wendy (10421) via dev-security-policy

Reply via email to