From:  Wayne Thayer <>
Date:  27 Apr 2019 08:14:09 Hong Kong Time

Policy 2.7 Proposal: Clarify Revocation Requirements for S/MIME Certificates


Section 6 ("Revocation") of Mozilla's Root Store Policy states:

CAs MUST revoke Certificates that they have issued upon the occurrence of
> any event listed in the appropriate subsection of section 4.9.1 of the
> Baseline Requirements, according to the timeline defined therein.

Because the BRs don't apply to intermediate and end-entity certificates
that are constrained to S/MIME, it's not clear if our policy requires that
those certificates follow the BR revocation requirements or not.

The discussion [1] that led to the current language makes it clear that the
intent is for the revocation requirement to apply to S/MIME certificates.

I propose adding the following statement to clarify the scope of this

This requirement applies to certificates that are not otherwise required to
> comply with the BRs.

This is and

I will appreciate everyone's input on this proposal.

- Wayne