I think this exception is only acceptable if the CA commits in its CPS on not 
issuing leaf certificates from a Policy CA... And we should consider such leaf 
certificates after the effective date as misissuances.

But maybe enforcing and controlling this requirement could be tricky.

Just my two cents...

Pedro
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to