On Fri, Apr 26, 2019 at 5:14 PM Wayne Thayer <wtha...@mozilla.com> wrote:
> Section 6 ("Revocation") of Mozilla's Root Store Policy states:
>
>> CAs MUST revoke Certificates that they have issued upon the occurrence of
>> any event listed in the appropriate subsection of section 4.9.1 of the
>> Baseline Requirements, according to the timeline defined therein.
>
> Because the BRs don't apply to intermediate and end-entity certificates
> that are constrained to S/MIME, it's not clear if our policy requires that
> those certificates follow the BR revocation requirements or not.
>
> The discussion [1] that led to the current language makes it clear that
> the intent is for the revocation requirement to apply to S/MIME
> certificates.
>
> I propose adding the following statement to clarify the scope of this
> section:
>
>> This requirement applies to certificates that are not otherwise required
>> to comply with the BRs.
>
> This is https://github.com/mozilla/pkipolicy/issues/166 and
> https://github.com/mozilla/pkipolicy/issues/167

Kathleen pointed out that I referenced the wrong issues. The correct issues are:
https://github.com/mozilla/pkipolicy/issues/176 and
https://github.com/mozilla/pkipolicy/issues/177

I will appreciate everyone's input on this proposal.

> - Wayne
>
> [1]
> https://groups.google.com/d/msg/mozilla.dev.security.policy/eAy0lxgFHR8/g6Jddy40EAAJ

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy