Having received no new comments, I'll plan to include this change in policy version 2.7.
- Wayne On Tue, Apr 16, 2019 at 3:40 PM Wayne Thayer <wtha...@mozilla.com> wrote: > I went ahead and added this change to the 2.7 branch: > https://github.com/mozilla/pkipolicy/commit/1e7f4edb97c4497e2e04442797ebc670e9d80b44 > > I removed the phrase "In addition to existing rules placed on the > structure of CPs and CPSes that comply with the CA/Browser Forum Baseline > Requirements" because we have S/MIME-only CP/CPS' in our program that don't > have to comply with the BRs. > > Given that this is already a required practice, I don't expect there to be > any concerns from CAs with the compliance date. If there are any CAs that > will have difficulty with this date, please explain why and what a more > reasonable date would be. > > On Mon, Apr 1, 2019 at 5:18 PM Wayne Thayer <wtha...@mozilla.com> wrote: > >> In October we discussed the use of "No Stipulation", empty sections, and >> blank sections in CP/CPSes. [1] The result was an update to the "Required >> Practices" wiki page. [2] I propose moving this into policy by adding the >> following paragraph to the bottom of section 3.3 "CPs and CPSes" >> >> In addition to existing rules placed on the structure of CPs and CPSes >>> that comply with the CA/Browser Forum Baseline Requirements, and effective >>> for versions dated after 30-September, 2019, CPs and CPSes MUST be >>> structured according to RFC 3647 and MUST: >>> * Include at least every section and subsection defined in RFC 3647; and, >>> * Only use the words "*No Stipulation*" to mean that the particular >>> document imposes no requirements related to that section; and, >>> * Contain no sections that are blank and have no subsections. >>> >> >> This is https://github.com/mozilla/pkipolicy/issues/158 >> >> I will appreciate everyone's input on this proposal. >> >> - Wayne >> >> [1] >> https://groups.google.com/d/msg/mozilla.dev.security.policy/Cth8n4mxxmQ/oWV_DgpNBAAJ >> [2] >> https://wiki.mozilla.org/CA/Required_or_Recommended_Practices#CP.2FCPS_Structured_According_to_RFC_3647 >> > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
