A public-review-and-discussion process, defined in [Process for Review and Approval of Externally Operated Subordinate CAs], SHALL occur whenever a CA operator has not previously undergone such process for the type of certificate to be issued and the CA operator will obtain a new unconstrained CA certificate with new issuance capabilities.
For clarity, CA operators with intermediate CAs that are currently trusted because of having been signed by root CAs trusted by Mozilla are subject to this requirement. However, this process is not required when:
· the CA operator has already undergone the public-review-and-discussion process for the type of certificate to be issued;
· new certificate-issuance capabilities are not being introduced;
· both CA operators are already in the Mozilla root program for the type of certificate to be issued; or
· the new CA certificate will be issued with the same issuance capabilities by the same root CA to replace a CA certificate that was issued prior to [date].
The process outlined herein is not required when:
· the CA operator has already undergone the public-review-and-discussion process for the type of certificate to be issued;
· new certificate-issuance capabilities are not being introduced;
· both CA operators are already in the Mozilla root program for the type of certificate to be issued; or
· the new CA certificate will be issued with the same issuance capabilities by the same root CA to replace a CA certificate that was issued prior to [date].