Yes, that date comes from the Mozilla Root Program, but this requirement is new for the other Root Programs and for the BR.
The other thing is that without having an indicated effect date, the requirement can be interpreted in that way, that every valid Subordinate CA certificate shall comply this requirement, even if it has been issued years ago. I would just like to get confirmation that this requirement does not mean that all subordinate CA certificates that are currently non-compliant shall be revoked, which were issued prior to the effective date. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy