Below is a list of the current MRSP issues for version 2.8. I believe we're getting closer to finalizing the language.
There appear to be things to discuss for highlighted Issues #178 (Sunsetting SHA1), #219 (Requiring ETSI Auditors to be ACAB'c members), #226 (clarifying section 5.2), and #234 (CRL reason codes).
Are there any others in the list that should still be considered open for discussion?
Also, besides the dates indicated below in the list, are there any other effective dates or compliance deadlines that should accompany any of these changes?
Thanks,
Ben
Github |
Title / Compliance Date |
Improve terminology and style / Immediate |
|
Make it clear that precertificates are covered by Mozilla policy / Immediate |
|
Describe actions Mozilla may take upon receipt of a qualified audit / Immediate |
|
Sunset SHA-1 in S/MIME Certificates / TBD |
|
Change Terminology from SSL to TLS / Immediate |
|
Require publication of outdated CA policy documents / Immediate |
|
Require public discussion when an organization receives a new subCA / Immediate |
|
Outline Policy Update Process / Immediate |
|
Require ETSI auditors to be ACAB-c members / Upon submission of next audit |
|
Update the incorrect extensions item in section 5.2 / Immediate |
|
Clarify Meaning of "CP/CPS" / Immediate |
|
Clarify technically-constrained sub-CA extended key usages / Immediate |
|
Disclose also TCSC to CCADB / July 1, 2022 |
|
Clarifying Trust Transfer / Immediate |
|
Wiki page - process for reviewing externally operated CAs / Immediate |
|
Add Policy about CRL Revocation Reason Codes / September 1, 2022 |
|
Require CCADB Disclosure of Full CRLs / October 1, 2022 |