On Tuesday, March 21, 2017 at 11:34:30 AM UTC-7, Gervase Markham wrote: > On 21/03/17 10:16, Gervase Markham wrote: > > On 17/03/17 11:30, Gervase Markham wrote: > >> The URL for the draft of the next CA Communication is here: > >> https://mozilla-mozillacaprogram.cs54.force.com/Communications/CACommunicationSurveySample?CACommunicationId=a050S000000G3K2 > > > > A few more wording tweaks on the current version: > > In Action 1, we should replace: > > "However, if additional methods of domain validation are added to > section 3.2.2.4 of the BRs in the future, they will also be permitted." > > with: > > "Mozilla expects that all missing methods will be restored to the > Baseline Requirements in the near future. Once that happens, we will > return to the practice of requiring conformance to the latest version of > the BRs." > > (The CAB Forum PAG is about to resolve itself; happily, all participants > have agreed to license their patents under a CAB Forum RF license. It's > now just a question of getting a ballot done to add back the missing > methods. Yay :-) > > Gerv
Glad to hear that. Second paragraph of Action 1 now says: ~~ Note that version 1.4.2 of the BRs does not contain all 10 of these methods, but it does contain section 3.2.2.4.11, "Other Methods", so the subsections of version 3.2.2.4 that are marked "Reserved" in version 1.4.2 of the BRs are still BR-compliant under version 1.4.2. By Mozilla policy, CAs are not permitted to rely on the "Other Methods" section to use methods of domain validation that are not among the 10 listed in section 3.2.2.4 of version 1.4.1 of the BRs. Mozilla expects that all of the methods for doing domain validation that are missing in version 1.4.2 of the BRs will be restored to a forthcoming version of the BRs, so we will once again be able to accept all of the methods of domain validation listed in the latest version of the BRs. ~~ Thanks, Kathleen _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy