On Fri, Aug 16, 2024 at 7:10 AM 'Martijn Katerbarg' via CCADB Public < [email protected]> wrote:
> What update are root stores / CCADB expecting out of these options: > > > > - The new CPS should be added, and the old CPS should be deleted as it > is no longer in effect for new certificate issuance. > - The new CPS should be added, but the old CPS should be kept in place > as long as there are unexpired certificates under its policy. > - The new CPS should be added. Older entries should be kept > indefinitely to serve as an archive overview. > > As a community member, I would prefer 3, but would want at least 2 as long as there are unexpired certs that are trusted by currently-supported browsers or operating systems. I think the most common practice is 1, though? A related question: what, if any, information should CAs provide about material changes between adjacent CPS versions? There is a wide range of practices here, but I think at least a summary of the changes or a list of affected sections would be helpful in a number of ways. Mike > - > > > - > > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CADQzZqsV%2BOdGz3DZMy2ZPOiXo64DBDW7AB--ctauEBafJFE1uw%40mail.gmail.com.
