All, I have narrowed down proposed changes for the version 2.8.1 batch of changes to clarifications needed in the Mozilla Root Store Policy (MRSP) to the following:
Issue #249 <https://github.com/mozilla/pkipolicy/issues/249> – Clarify that CA operators are required to maintain *all* applicable CPs and CPSes during the CA’s lifetime Issue #251 <https://github.com/mozilla/pkipolicy/issues/251> – Clarify that CAs not issuing certificates are not required to provide Full CRL information in the CCADB Issue #253 <https://github.com/mozilla/pkipolicy/issues/253> – Clarify that a CA must clearly specify the procedures that it employs and state each subsection of 3.2.2.4 that it is complying with Issue #256 <https://github.com/mozilla/pkipolicy/issues/256> – I propose that we close this issue (require Issuing Distribution Point extensions in sharded CRLs) because it has been addressed recently by CA/Browser Forum Ballot SC-058 <https://cabforum.org/2022/11/11/ballot-sc58-require-distributionpoint-in-sharded-crls/> Issue # 257 <https://github.com/mozilla/pkipolicy/issues/257> – Require that CAs also follow discussions on the CCADB Public List Here is a redlined version of the MRSP with the proposed changes, as they currently exist. https://github.com/mozilla/pkipolicy/compare/master...BenWilson-Mozilla:pkipolicy:2.8.1 Please let me know if other "clean up" items should be added to this batch of changes. I will start separate discussion on each of these, beginning with Issue #251, because it has been noted recently that more clarification is needed, and the proposed language doesn't yet fully address the issue, see e.g., https://bugzilla.mozilla.org/show_bug.cgi?id=1793210. Thanks, Ben -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaYY7Juc6Jgr3RH-6-pgNcBHAns%2BZDSpT3phPBJ9YOLsnQ%40mail.gmail.com.
