This is extremely nitpicky and in the weeds, so excuse me, but ... It has been pointed out internally that the draft 2.9 Mozilla policy includes a normative reference in section 3.1.4 to CCADB policy section 5.1, without specifying a version.
The has the practical effect of meaning that CCADB Policy updates to section 5.1 could happen at any time, and CAs are expected to comply immediately with no transition period. This seems extremely dangerous, unintended, and likely to end badly. I'm not sure what the best fix is. Requirements that reference external documents that can change at any time are always very tricky to handle in a good way. -Tim -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/SN7PR14MB64926D098367FAABC4CB14FE831AA%40SN7PR14MB6492.namprd14.prod.outlook.com.
