On 24/01/18 16:44, Wayne Thayer wrote: > In the past, new policy versions have not had a clearly defined future > effective date. That seems to have led some CAs to interpret the timing for > making changes to be "whenever we get around to it" instead of the intent > of "the policy is effective immediately and we expect you to comply with it > as soon as possible". Given this abuse, I'd prefer to put a date on each > new version of the policy by which CAs are expected to comply with it. This > date would be 2-3 months after the policy was announced, but would also > allow specific carve-outs for changes that take longer.
We do actually do that, it's just not written in the policy itself. See: https://wiki.mozilla.org/CA/Root_Store_Policy_Archive which gives all the publication dates and compliance dates. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy