<html><head><meta http-equiv="content-type" content="text/html; charset=us-ascii"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Hi Ben,<div><br></div><div>Can you share more of your reasoning for picking 398 days and in general for decreasing the frequency of CP/CPS update requirements?</div><div><br></div><div>Thanks!</div><div>-Clint<br><div><br><blockquote type="cite"><div>On Nov 14, 2022, at 4:38 PM, Ben Wilson via Servercert-wg <servercert-wg@cabforum.org> wrote:</div><br class="Apple-interchange-newline"><div><div dir="ltr"><div>All,</div><div>Section 2.3 of the Baseline Requirements currently says, "The CA SHALL develop, implement, enforce, and annually update a Certificate Policy<br>and/or Certification Practice Statement that describes in detail how the CA implements the latest version of these Requirements." I am considering a proposal to revise that language to specify a 398-day period. See <a href="https://github.com/cabforum/servercert/issues/370#issuecomment-1113441809">https://github.com/cabforum/servercert/issues/370#issuecomment-1113441809 <br></a></div><div>Possible language would be:</div><div>
"The CA SHALL develop, implement, enforce, and <strike>annually</strike> update a Certificate Policy and/or
Certification Practice Statement that describes in detail how the CA
implements the latest version of these Requirements. The CA SHALL indicate conformance with this requirement by incrementing the version number and adding a dated changelog entry <u>at least every 398 days</u>, even if no other changes are made to the document."</div><div>Thanks,</div><div>Ben<br></div><div><br> </div></div>
_______________________________________________<br>Servercert-wg mailing list<br>Servercert-wg@cabforum.org<br>https://lists.cabforum.org/mailman/listinfo/servercert-wg<br></div></blockquote></div><br></div></body></html>