On Thu, Nov 30, 2023 at 03:17:15PM -0800, 'Aaron Gable' via [email protected] wrote:

[...]

> In cases like these, is it acceptable for the identified section of the
> CP/CPS to say "See Section such-and-such for..."?
>
> Specifically, would it be acceptable for Section 4.2 of a CP/CPS to say
> "See Section 3.2.2.8 CAA Records for details of the CA's policy on
> processing CAA records"? Or similarly, would it be acceptable for Section
> 1.5.2 to say "See Section 4.9.3 for instructions on how to make a
> revocation request or submit a certificate problem report"?
>
> Or does that kind of intra-document cross-reference not satisfy the above
> requirements?
>
> I'm curious what other members of this community think.

In theory, I believe that a reference to another piece of text would satisfy the spirit of the requirements. Practically, though, I'd worry that it would be very easy for the destination reference to "lose" the relevant information over time. The cause I'm thinking of is when the destination reference is edited, the person making the change may not take into account the requirements in the linked-from section when making revisions, and only satisfy the letter of the changed section.

Take, for example, linking 1.5.2 to 4.9.3. There's no requirement for 4.9.3 to contain contact information in a form suitable for satisfying the requirements of 1.5.2, and while a CPS' 4.9.3 may initially satisfy the requirements of 1.5.2, someone revising 4.9.3 in the future, inadvertently failing to bear in mind the "link", may modify 4.9.3 in such a way that it no longer satisfies the requirements of 1.5.2.

In short, I don't think it's disallowed, but if I were running a CA I think I'd err on the side of caution and not do it for normative references.

- Matt
