On 2015-02-04 14:55, Man Ho (Certizen) wrote:
But making a statement in CP/CPS means that CA "has already complied" with the "latest version" of BRs. In other words, CA has already complied with all potential changes of BRs at all time. Such statement could be a false statement when the "latest version" of BRs has been changed and CA actually cannot comply with the changes at that time. Hence, users are misled by the statement at that time.
So maybe the CP/CPS should indicate what the version is they comply with, and update it on regular basis? Or maybe just say that they will follow the updates?
Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
