I have narrowed down proposed changes for the version 2.8.1 batch of changes to clarifications needed in the Mozilla Root Store Policy (MRSP) to the following:
Issue #249 – Clarify that CA operators are required to maintain all applicable CPs and CPSes during the CA’s lifetime
Issue #251 – Clarify that CAs not issuing certificates are not required to provide Full CRL information in the CCADB
Issue #253 – Clarify that a CA must clearly specify the procedures that it employs and state each subsection of 220.127.116.11 that it is complying with
# 257 – Require that CAs also follow discussions on the CCADB Public List
Here is a redlined version of the MRSP with the proposed
changes, as they currently exist.
Please let me know if other "clean up" items should be added to this batch of changes.
I will start separate discussion on each of these, beginning with Issue #251, because it has been noted recently that more clarification is needed, and the proposed language doesn't yet fully address the issue, see e.g., https://bugzilla.mozilla.org/show_bug.cgi?id=1793210.