We're concluding discussions on all of the issues identified for version 2.6 of the policy [1].
You can find a complete set of changes here: https://github.com/mozilla/pkipolicy/compare/master...2.6 Two of the changes [2][3] require CAs to update their CP/CPS. For many CAs the current practice is to wait for the next required annual review (usually coinciding with their audit) to make CP/CPS changes. Do we want to allow that practice to continue, or set a date by which we expect CP/CPSs to reflect the new requirements? This was previously discussed [4], with the outcome being that we would make these decisions on a case-by-case basis. - Wayne [1] https://github.com/mozilla/pkipolicy/issues?utf8=%E2%9C%93&q=label%3A2.6+ [2] https://github.com/mozilla/pkipolicy/commit/e5269ff0d6ced93a6c6af65947712b8e4b2e18b8 [3] https://github.com/mozilla/pkipolicy/commit/42ebde18794bc1690885bfdd4e3fb12e7c2c832b [4] https://groups.google.com/d/msg/mozilla.dev.security.policy/PYIAoh6W6x0/TT2u4wfoBQAJ On Mon, Mar 19, 2018 at 10:15 PM Wayne Thayer <[email protected]> wrote: > There are 17 proposed changes in total for version 2.6 of the policy, and > I'm about to kick off discussions on the first batch. I expect some of > these to be straightforward while others will hopefully generate good > dialogues. As always, everyone's constructive input is appreciated. > > Thanks, > > Wayne > > On Wed, Feb 21, 2018 at 9:14 AM, Wayne Thayer <[email protected]> wrote: > >> I've added the issue of subordinate CA transfers to the list for policy >> version 2.6: https://github.com/mozilla/pkipolicy/issues/122 >> >> > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
