On Fri, Jun 14, 2024 at 12:44 PM Wayne <[email protected]> wrote:
> As for your questions: > 1. It depends on the context - not a straight answer but this is a complex > document. I am of the opinion that given the language of the "take > precedence" statement, it was meant to fill-in gaps that are left by an > otherwise defective CPS that is lacking in substance on a particular > section. Likewise, if a CA decides to insert language into a portion of > their CPS that further restrains them, they then should not be able to > claim that the BR overrides it. I hope that makes some sense? > If you’re referring to the CPS forbidding something that the BRs permit but don’t require, then I don’t think there’s a conflict that needs an override order to resolve. But if the CA puts something in the CPS that conflicts with a BR requirement or proscription, then the BR should take precedence and IMO the CPS should be considered invalid until that conflict is eliminated. I *think* that means that certificates issued under the conflicting CPS would be considered misissued, because the subscriber of relying party might have been relying on an invalid part of the CPS. Does *that* make some sense? Mike -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADQzZqsPA1OxkC0OfO-3%3DpvrAgapNfEc5Rg%3DdX%2B_0_Aa0ZGOCA%40mail.gmail.com.
