Proposed update to CCADB logic for policy documents

[Chris Clements]

Hi All,

The CCADB SC is considering an Enhancement Request to technically enforce the following logic for evaluating policy document disclosures in the system.

If the parent certificate record discloses a CP:

A) It MUST disclose a CPS

B) It MUST NOT disclose a CP/CPS

C) All child certificate records MUST either:

(1) disclose a combined CP/CPS; OR

(2) disclose (a) a CP (either select "same as parent" OR a different CP) AND (b) a CPS (either select "same as parent" OR a different CPS).

If the parent certificate record discloses a CPS:

A) It MUST disclose a CP

B) It MUST NOT disclose a CP/CPS

C) All child certificate records MUST either:

(1) disclose a combined CP/CPS; OR

(2) disclose (a) a CPS (either select "same as parent" OR a different CPS) AND (b) a CP (either select "same as parent" OR a different CP).

If the parent certificate record discloses a combined CP/CPS:

A) It MUST NOT disclose a CP

B) It MUST NOT disclose a CPS

C) All child certificate records MUST either:

(1) disclose the same combined CP/CPS ("same as parent");

(2) disclose a different CP/CPS; OR

(3) disclose a CP and a CPS.

We are also considering adding a technical constraint to prevent a policy document URL disclosed as a specific document type for one certificate record (e.g., https://my-ca.com/cp_1_4.pdf, type = “CP”) from being disclosed on a separate record using a different policy document type (i.e., “CPS” or “CP/CPS”).

Feedback on the above processing logic is welcome.

Thank you

-Chris, on behalf of the CCADB Steering Committee