As discussed on m.d.s.p., when a CA certificate appears on the audit statement of both the issuer and subject and those are two different organizations, expectations for CP/CPS disclosure are unclear. We may want to require information for both the cert and the Subject + SPKI, or decide which one is appropriate. I think the CP/CPS of the CA in possession of the private key (i.e. the Subject of the cert) is the appropriate one to disclose for these certificates. However, the responsibility of disclosing falls on the Issuer.