Confirm, administrator
5,526
edits
Changes
Added warning that future policy may forbid the use of 'No Stipulation'. Also added another example.
CP/CPS documents must be structured according to RFC 3647. This requirement is stated in section 2.2 of the CA/Browser Forum Baseline Requirements, with the effective of 31 May 2018. Further, CP/CPS documents should include every component and subcomponent, and the placement of information should be aligned with the BRs; e.g. domain validation practices should be documented in section 3.2.2.4 of the CA’s CP/CPS.
* The words "''No Stipulation''" mean that the particular document imposes no requirements related to that section.
** Note that Mozilla's root store policy may be updated soon to forbid the use of "No Stipulation" in CP/CPS documents.
* The words "''Not applicable''" are acceptable to indicate that the CA’s policies forbid the practice that is the title of the section. Language similar to “We do not perform <subject of the section>” is preferred.
* Sections MUST not be left blank. The purpose of "No Stipulation" is to make it clear that the omission of content was intentional.
Examples:
* If your CA does not allow a particular domain validation method to be used, then the CP or CPS should say that, e.g. "This method of domain validation is not used".
* If your CP delegates requirements to one or more CPSs, then the CP should state "Refer to CPS".
* The BRs do not allow certificate suspension, so the CA’s CPS must state that certificate suspension is not allowed, and then the other sections related to suspension should say “Not applicable”.
* If your CA does not issue SSL certs containing IP addresses, then section 3.2.2.5, ‘Authentication for an IP Address’ in your CP or CPS should say that such certificate issuance is not allowed; e.g. “No IP address certificates are issued under this CPS.”
