That's a good point. The goal of that language was to phase in the requirement, but that language will need to be modified. Thanks, Ben
On Wed, Nov 16, 2022 at 12:46 PM Jesper Kristensen <[email protected]> wrote: > The main difference as I read it, is a weakening of the requirement by > adding "reasonably available", which effectively changes the requirement > from a MUST to a SHOULD. Is that the intended interpretation? > > Den tir. 15. nov. 2022 kl. 00.33 skrev Ben Wilson <[email protected]>: > >> All, >> >> This discussion thread relates to the GitHub Mozilla PKI Policy Issue >> #249 <https://github.com/mozilla/pkipolicy/issues/249>. >> >> Here are the currently proposed changes to item 7 of Mozilla Root Store >> Policy (MRSP) section 3.3 >> <https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/#33-cps-and-cpses> >> : >> >> *Effective December 31, 2022,* CA operators SHALL maintain links * in >> their online repositories* to * all reasonably available historic* older >> versions of each CP*s* and CPS*es* (or CP/CPS*es*) *from the creation of >> included CAs*, regardless of changes in ownership or control of *such* the >> root CA*s*, until the entire root CA certificate hierarch*ies*y *(i.e. >> end entity certificates, intermediate CA certificates, and >> cross-certificates)* operated in accordance with such documents *are* is >> no longer trusted by the Mozilla root store. >> >> The proposed changes are meant to clarify the requirement. >> >> Thank you, >> >> Ben >> >> -- >> You received this message because you are subscribed to the Google Groups >> "[email protected]" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZn1_XF4XBQVp-eqWDC9Eke4iXX%3D774t0K%3DeHqXtOCv5w%40mail.gmail.com >> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtaZn1_XF4XBQVp-eqWDC9Eke4iXX%3D774t0K%3DeHqXtOCv5w%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabXJTcZKhxBxPstygL3-2bA_1w7aGCLXtPhcENg4rJBDA%40mail.gmail.com.
