The scope of the BRs is ambiguous, and almost certainly smaller than the scope of the Mozilla policy. It might be useful to explicitly draw attention to that fact, for the avoidance of doubt.
Proposal: add a bullet to section 2.3, where we define BR exceptions:

"Insofar as the Baseline Requirements attempt to define their own scope, the scope of this policy (section 1.1) overrides that. Mozilla expects CA operations relating to issuance of all SSL certificates in the scope of this policy to conform to the Baseline Requirements."

This is: https://github.com/mozilla/pkipolicy/issues/72

-------

This is a proposed update to Mozilla's root store policy for version 2.5. Please keep discussion in this group rather than on Github. Silence is consent.

Policy 2.4.1 (current version):
https://github.com/mozilla/pkipolicy/blob/2.4.1/rootstore/policy.md

Update process:
https://wiki.mozilla.org/CA:CertPolicyUpdates

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy