On 20/04/17 17:29, Ryan Sleevi wrote: > Data gathering and verification are very much parts of certificate > issuance. So is operation of an OCSP responder or issuance of CRLs, or > the maintenance of audit logs.
But those latter things don't necessarily happen at the exact same points in time. > The default is that, at any point in time, everything the CA does must > be consistent with the current and complete text. Er, isn't that what I said? :-) For every action, if future actions are exempted from a requirement you have to say so, but if only past actions are exempted (i.e. the rule is applicable from the moment of writing it into the doc) you don't say anything - i.e. that's the default. Gerv _______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
