On 04/04/15 04:20, Eugene wrote: > According to the CA Baseline Requirements section 8.2.1, "The CA > SHALL develop, implement, enforce, and **annually update** a > Certificate Policy and/or Certification Practice Statement that > describes in detail how the CA implements the latest version of these > Requirements." > > But it seems that, among fifteen root and intermediate CAs that I > have checked, four of them haven't updated their CP or CPS documents > for more than one year.
While I am keen on CAs following the BRs, and if the BRs say it they should do it, I'd be interested to know if anyone knows _why_ this is a requirement. If nothing has changed about the CA's CP or CPS, why is there a need to change the date on it every year? Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
