We have applied the changes in the current CPS, please see https://www.ecert.gov.hk/product/cps/ecert/img/server_cps_en4.pdf
So, the "Pre-production" CPS will be advanced to version 5, that will replace the current CPS after Mozilla community discussion. If any member has other comments, you're welcome to bring it out. :) On 17-Jan-19 10:25 AM, Man Ho via dev-security-policy wrote: Thanks for all the comments. I'm preparing now to apply the relevant changes from the "Pre-production" CPS in the current CPS to clarify these concerns. Specifically, 1. correct the description of revocation process to fix the suspension and revocation issue. 2. make a statement in PREAMBLE that "...HKPost to appoint Registration Authorities (RAs) as its agents to carry out certain of the functions of HKPost as a Recognized CA as set out in this CPS, except the functions of domain name validation." 3. modify section 4.9.1 to include all revocation reasons required by BR 4.9.1.1 Please note that this update to the current CPS will advance the version of current CPS from version 3 to version 4. So, the "Pre-production" CPS will be version 5, replacing the current CPS. If any member has other comments, you're welcome to bring it out. On 16-Jan-19 5:30 AM, Wayne Thayer via dev-security-policy wrote: I think you and David are also suggesting that the CPS for existing roots must be updated to fix the suspension and revocation issues listed under "bad", and to clarify the external RA concern listed under "meh". _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org<mailto:dev-security-policy@lists.mozilla.org> https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy