[cabfpub] RFC 3647 Compliance

Ryan Sleevi sleevi at google.com
Wed Apr 26 00:00:22 UTC 2017


Like we talked about at the recent F2F in Raleigh, I'd love to see a world
where we can slowly move to consistent CP/CPSes. This is especially
important for efforts like the CCADB with Microsoft's help, or the BR
self-assessments that Mozilla's requesting.

You can see the initial proposed edits at
https://github.com/sleevi/cabforum-docs/pull/3/files , along with
explanations for the motivations for these.

I set the phase in period as 6 months, plus 2 weeks for
discussion/balloting, plus 30 days for IP review - hence 8 December 2017.
I'm sure we can adjust that number as appropriate, but I suspect most CAs
would have nothing to do here.

One of the things that surprised me in reading these sections is that we
don't have strong guidance that the CP/CPS explicitly include all the items
related to the BRs/EVGs, just their incorporation by reference. As CAs who
have been asked to do the Mozilla BR self-assessment (or have been
following that change, since you'll eventually be requested to complete one
with the annual audit it appears), it seems useful to make sure that all
the information from the BRs (as relevant) is in the CP/CPS.

Do people have thoughts on that? Better as a separate ballot?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170425/f5b4d244/attachment.html>


More information about the Public mailing list