The BRs contain at least two allowances for “legacy” certificate issuance: 6.1.7 (5) allows direct issuance of subscriber certificates from a root CA 6.3.2 allows certificates with validity periods longer than 39 months Are these still needed? Are CAs relying upon these exceptions? If not, does it make sense to ballot to remove these from the BRs? Thanks, Peter