Thanks for the feedback, Dimitris. Some CAs have a URL pointing always to the "latest version" of the > corresponding document but I believe the guidance from the CCADB steering > committee was to link to a *specific version* of the document. Is it ok > for CAs to add URLs that point to the "latest version" of the document?
Currently, we see some CA Owners using a URL with a specific version of the document and others using a URL that points to where the latest version of the document can be found. Both are acceptable. The POLICY DOCUMENTS guide <https://docs.google.com/document/d/1qAVihgbo7TuH3xqq2zbxhxHajQnJwbHUGEFf2VjxoZQ/edit#bookmark=id.gqczpewy5797> states: "If the link to your CA’s most current policy document remains constant, then you can simply edit the document object to update the date, add policy identifiers, update comments, and update the list of applicable root certificates." I understand the complexity when multiple CP or CPS documents exist. The > last approach sounds risky because a CA Owner might overlook and not set > the correct field. Usually it takes a few days between the creation of a > new version of a CP/CPS and the update in CCADB so the "current date" will > be an incorrect default most of the time. If there is no way to correlate > the superseded with the updated CP/CPS effective date, I think it's better > to leave it blank. We agree with the approach of leaving the field blank to reduce risk. We’ll look for additional opportunities for automation in the future. On Thu, Aug 29, 2024 at 2:04 AM 'Dimitris Zacharopoulos (HARICA)' via CCADB Public <[email protected]> wrote: > > > On 28/8/2024 10:58 μ.μ., 'Chris Clements' via CCADB Public wrote: > > > If I remember correctly, in the Add/Update Root Request when a CP/CPS >> document is added, there is a field indicating the effective date of that >> document. If CCADB could be automated to set this particular field as the >> "Policy >> Document Superseded Date" in the previous superseded documents, it would >> be very helpful and would ensure consistency between the latest and >> previous versions of the documents in the DB on the date issue. > > > Your recollection is correct. This approach could be viable for CA Owners > who utilize the same URL for the “Document Link”, but that is atypical and > the CCADB would not otherwise be able to understand the relationship > between the multiple policy document records. > > > Some CAs have a URL pointing always to the "latest version" of the > corresponding document but I believe the guidance from the CCADB steering > committee was to link to a *specific version* of the document. Is it ok > for CAs to add URLs that point to the "latest version" of the document? > > Another way to flag a specific document, is by title. If a CA uses > multiple documents, each document must have a distinct name, and for this > name, a specific version. Let's assume the CA has a document named "MyCA > Certificate Policy Document" and "MyCA Certification Practice Statement > Document". When the CA updates the version of "MyCA Certificate Policy > Document" it must include the effective date, which could be correlated > with the at-the-time current version of the document with the same title, > and set the "Policy Document Superseded Date" automatically. The other > document would remain unchanged. It sounds complicated but I think it's > worth the effort to avoid mix-ups with dates which may cause unintended > incidents/policy violations. > > > Another approach we could consider would be when the CA Owner selects any > existing policy document record in the Case UI and clicks the new > “Supersede” button the "Policy Document Superseded Date" field could auto > populate with the current date. We previously proposed clicking this button > would require the CA Owner to manually select the date, but maybe we auto > populate the date and still offer the CA Owner the ability to edit it, if > needed. > > > I understand the complexity when multiple CP or CPS documents exist. The > last approach sounds risky because a CA Owner might overlook and not set > the correct field. Usually it takes a few days between the creation of a > new version of a CP/CPS and the update in CCADB so the "current date" will > be an incorrect default most of the time. If there is no way to correlate > the superseded with the updated CP/CPS effective date, I think it's better > to leave it blank. > > Thanks, > Dimitris. > > > -- > You received this message because you are subscribed to the Google Groups > "CCADB Public" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/ccadb.org/d/msgid/public/c5a54377-df08-4ed5-8131-b7d2021f22cd%40harica.gr > <https://groups.google.com/a/ccadb.org/d/msgid/public/c5a54377-df08-4ed5-8131-b7d2021f22cd%40harica.gr?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/CAAbw9mAeyxgEEcPh7jgx%2BcEKbgVE1M1D%2BoGyvc9DxHGOPBYSZA%40mail.gmail.com.
