Section 6 ("Revocation") of Mozilla's Root Store Policy states:
CAs MUST revoke Certificates that they have issued upon the occurrence of
> any event listed in the appropriate subsection of section 4.9.1 of the
> Baseline Requirements, according to the timeline defined therein.
Because the BRs don't apply to intermediate and end-entity certificates
that are constrained to S/MIME, it's not clear if our policy requires that
those certificates follow the BR revocation requirements or not.
The discussion  that led to the current language makes it clear that the
intent is for the revocation requirement to apply to S/MIME certificates.
I propose adding the following statement to clarify the scope of this
This requirement applies to certificates that are not otherwise required to
> comply with the BRs.
This is https://github.com/mozilla/pkipolicy/issues/166 and
I will appreciate everyone's input on this proposal.