[cabfpub] Cert Policy Working Group activity

Gervase Markham gerv at mozilla.org
Wed Sep 16 08:51:08 UTC 2015

On 15/09/15 20:39, Dean Coclin wrote:
> On #2, the group felt that RFC 3647 contains the exact placeholders for the
> items currently in the network security requirements and that's why it made
> sense to merge those in. As many of you know, the Network Security
> requirements were composed after the Diginotar and Comodo incidents to
> address a gap in the BRs. Although they are not as stringent as some would
> have liked, they do provide meaningful improvements to the security of the
> ecosystem, with an opportunity for further enhancement as we review them
> again. 

I have no objection to making people's lives easier... but if the
Network Security Requirements were converted to an independent document
in RFC3647 format (and particularly if both documents were Markdown)
then doing an automatic merge of the two, using the section numbers, to
produce an unofficial unified document would be the work of a fairly
short script, which I would be willing to write.

Is that a way forward which meets people's usability goals without
formally combining the two documents?


More information about the Public mailing list