All,
I have narrowed down proposed changes for the version 2.8.1 batch of changes to clarifications needed in the Mozilla Root Store Policy (MRSP) to the following:
Issue #249 – Clarify that CA operators are required to maintain all applicable CPs and CPSes during the CA’s lifetime
Issue #251 – Clarify that CAs not issuing certificates are not required to provide Full CRL information in the CCADB
Issue #253 – Clarify that a CA must clearly specify the procedures that it employs and state each subsection of 3.2.2.4 that it is complying with
Issue #256 – I propose that we close this issue (require Issuing Distribution Point extensions in sharded CRLs) because it has been addressed recently by CA/Browser Forum Ballot SC-058
Issue
# 257 – Require that CAs also follow discussions on the CCADB Public List
Here is a redlined version of the MRSP with the proposed
changes, as they currently exist.
https://github.com/mozilla/pkipolicy/compare/master...BenWilson-Mozilla:pkipolicy:2.8.1
Please let me know if other "clean up" items should be added to this batch of changes.
I will start separate discussion on each of these, beginning with Issue #251, because it has been noted recently that more clarification is needed, and the proposed language doesn't yet fully address the issue, see e.g., https://bugzilla.mozilla.org/show_bug.cgi?id=1793210.
Thanks,
Ben