I think this exception is only acceptable if the CA commits in its CPS on not issuing leaf certificates from a Policy CA... And we should consider such leaf certificates after the effective date as misissuances.
But maybe enforcing and controlling this requirement could be tricky. Just my two cents... Pedro _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy