Hi Aaron, On Thu, Nov 30, 2023 at 4:17 PM 'Aaron Gable' via [email protected] <[email protected]> wrote:
> The Baseline Requirements have a few places where they require that a CA > include specific information in a specific section of their CP/CPS. Two > examples: > > Section 2.2 Publication of information > > Section 4.2 of a CA's Certificate Policy and/or Certification Practice > Statement SHALL state the CA's policy or practice on processing CAA Records > for Fully-Qualified Domain Names... > > Section 4.9.3 Procedure for revocation request > > The CA SHALL publicly disclose the instructions through a readily > accessible online means and in Section 1.5.2 of their CPS. > > My recollection is that the intent of this statement was to make it so that one doesn't need to search/scroll through a CPS to find the CA's problem reporting mechanism. In that context, a reference is undesirable. In cases like these, is it acceptable for the identified section of the > CP/CPS to say "See Section such-and-such for..."? > > Specifically, would it be acceptable for Section 4.2 of a CP/CPS to say > "See Section 3.2.2.8 CAA Records for details of the CA's policy on > processing CAA records"? Or similarly, would it be acceptable for Section > 1.5.2 to say "See Section 4.9.3 for instructions on how to make a > revocation request or submit a certificate problem report"? > > Or does that kind of intra-document cross-reference not satisfy the above > requirements? > > In my opinion a reference does not satisfy the requirement as written, but I can understand how others may have different interpretations. - Wayne > I'm curious what other members of this community think. > > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CAPh8bk9i6HZb-8O%3DEOFE1tLpOF4tQT9%3Dc4PbEb3gwVo1c_J-VQ%40mail.gmail.com.
