All, In response to CA operators' requests for clarifications on our new Mozilla Root Store Policy (MRSP) requirement that they make all of their Certificate Policies (CPs), and Certification Practices Statements (CPSes) (or combined CP/CPSes) publicly available [1], I have reached out to some CAs to clarify our intent, and I have edited the notes on the policy archive wiki page [2] to state that by December 31, 2022, "CA operators will need to maintain (in their online policy repository) all older (and available) versions of each CP and CPS (or CP/CPS), regardless of changes in ownership or control of the root CA, until the entire root CA certificate hierarchy operated in accordance with such documents is no longer trusted by the Mozilla root store."
I also created GitHub Issue 249 [3] to track amendments to section 3.3 that will clarify this issue of policy in the next version of the MRSP--to emphasize that we expect "all" (relevant and reasonably available) CPs and CPSes to be made publicly available. Thus, the expectation is that by the end of the year (if not before), CA operators will make diligent efforts to obtain all older versions of their CPs and CPSes and to have those publicly available along with their current CP, CPS, or combined CP/CPS. Thanks, Ben [1] <goog_1835215842> https://ccadb-public.secure.force.com/mozillacommunications/CACommResponsesOnlyReport?CommunicationId=a058Z000013UmsDQAS&QuestionId=Q00166,Q00167,Q00168 [2] https://wiki.mozilla.org/CA/Root_Store_Policy_Archive [3] https://github.com/mozilla/pkipolicy/issues/249 -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYm3em3A0bi29i7KXaAP8aMGhdDBKCPpsFQ7C7BBM-qGQ%40mail.gmail.com.
