[cabfpub] Require commonName in Root and Intermediate Certificates ballot draft (2)

Gervase Markham gerv at mozilla.org
Thu Apr 20 09:51:14 MST 2017


On 20/04/17 17:29, Ryan Sleevi wrote:
> Data gathering and verification are very much parts of certificate
> issuance. So is operation of an OCSP responder or issuance of CRLs, or
> the maintenance of audit logs.

But those latter things don't necessarily happen at the exact same
points in time.

> The default is that, at any point in time, everything the CA does must
> be consistent with the current and complete text. 

Er, isn't that what I said? :-) For every action, if future actions are
exempted from a requirement you have to say so, but if only past actions
are exempted (i.e. the rule is applicable from the moment of writing it
into the doc) you don't say anything - i.e. that's the default.

Gerv



More information about the Public mailing list