BenWilson-Mozilla
commented
2 years ago I am considering whether this requirement should be changed more dramatically to have a period shorter than 365 days for updating the CP/CPSes that are applicable to TLS server certificate issuance. I'm not sure whether the same shortened period should apply to email certificates.
Re: annual publication of the CA's CP, CPS, CP/CPS, the wordings in both bullet 4 of MRSP section 3.3 and BR section 2.3 are ambiguous. Both “annually” and “once every year” should be read as every 365 days and not once per calendar year. This needs to be re-written to specify at least every 365 days.