On Thu, Dec 17, 2020 at 10:32 AM Aaron Gable via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> One potential option (5) would be to go even further than (2), and remove > the OCSP paragraph from the MRSP§6 entirely. Given that MRSP§2.3 says "CA > operations relating to issuance of certificates capable of being used for > SSL-enabled servers MUST also conform to the latest version of the [BRs]", > it seems clear that BR§4.9.10 is already included in its entirety. You > could update MRSP§2.3 to say "...relating to issuance and revocation..." if > you wanted to be even more explicit. > > This all makes sense when applied to TLS certificates, but as Ben mentioned the current language also applies to S/MIME. My instinct would be to either do nothing to the current MRSP language, or to explicitly have it apply to S/MIME and reference the BRs for TLS. If there is a desire to have the BR 4.9.10 language apply to S/MIME, I'd suggest we make that very clear. - Wayne _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy