On 10/15/18 12:48 AM, Pedro Fuentes wrote:
Hello,
I've a question closely related to this. I'd appreciate guidance.
I'm refactoring our CP & CPS documents considering that a CA can issue
different types of certificates, so there would be multiple CP and one CPS.
My strategy is that if the stipulation is defined in one of the document (CP or
CPS), then the other document can refer to the other (CPS or CP).
So, for example, as the CPS will support/implement different CP, for certain aspects (i.e.
suspension), I'd like to refer to the CP as source, with the text "As stipulated in the
appropriate CP". Like wise, in certain cases the stipulation could be defined in the CPS, so
the CP would have the text "As stipulated in the CPS". This means that someone evaluating
the practices for SSL certificates would have to consider jointly the CP of SSL certificates and
the CPS, while someone evaluating personal certificates for email should consider the CP for S/MIME
certificates and the CPS.
I used this in the past while writing some docs for customers... Would this be
cross-referencing still acceptable?
Thanks,
Pedro
Yes, cross-referencing is still acceptable, as long as it is very clear
which root certificates each CP and CPS document governs.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
