This is extremely nitpicky and in the weeds, so excuse me, but …
It has been pointed out internally that the draft 2.9 Mozilla policy includes a normative reference in section 3.1.4 to CCADB policy section 5.1, without specifying a version.
The has the practical effect of meaning that CCADB Policy updates to section 5.1 could happen at any time, and CAs are expected to comply immediately with no transition period. This seems extremely dangerous, unintended, and likely to end badly.
I’m not sure what the best fix is. Requirements that reference external documents that can change at any time are always very tricky to handle in a good way.
-Tim