The Baseline Requirements have a few places where they require that a CA include specific information in a specific section of their CP/CPS. Two examples:
Section 2.2 Publication of information > Section 4.2 of a CA's Certificate Policy and/or Certification Practice Statement SHALL state the CA's policy or practice on processing CAA Records for Fully-Qualified Domain Names... Section 4.9.3 Procedure for revocation request > The CA SHALL publicly disclose the instructions through a readily accessible online means and in Section 1.5.2 of their CPS. In cases like these, is it acceptable for the identified section of the CP/CPS to say "See Section such-and-such for..."? Specifically, would it be acceptable for Section 4.2 of a CP/CPS to say "See Section 3.2.2.8 CAA Records for details of the CA's policy on processing CAA records"? Or similarly, would it be acceptable for Section 1.5.2 to say "See Section 4.9.3 for instructions on how to make a revocation request or submit a certificate problem report"? Or does that kind of intra-document cross-reference not satisfy the above requirements? I'm curious what other members of this community think. Thanks, Aaron -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAEmnEredGSLoMgwOpJvwVaSVLHUUXrsKMKr2VZEZe%2BXehteXrw%40mail.gmail.com.
