<div dir="ltr"><span style="font-size:12.8px">This is to let everyone know that the May 2016 CT Policy is now published at </span><a href="https://sites.google.com/a/chromium.org/dev/Home/chromium-security/certificate-transparency" style="font-size:12.8px">https://sites.google.com/a/chromium.org/dev/Home/chromium-security/certificate-transparency</a><span style="font-size:12.8px"> (direct link is </span><a href="https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/CTPolicyMay2016edition.pdf?attredirects=0" style="font-size:12.8px">https://sites.google.com/a/chromium.org/dev/Home/chromium-security/root-ca-policy/CTPolicyMay2016edition.pdf?attredirects=0</a><span style="font-size:12.8px"> )</span><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">This update was discussed at <a href="https://groups.google.com/a/chromium.org/d/topic/ct-policy/Mp1dqTWAiSY/discussion">https://groups.google.com/a/chromium.org/d/topic/ct-policy/Mp1dqTWAiSY/discussion</a> and contains the details and justifications for the change, which we believe should not negatively affect anyone that was complying with the existing policy.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Specific for the CAs who may not be participating in the ct-policy list, this hopefully clarifies what should be supported for DV/OV certificates. The naming of the previous policy - though clearly designed to cover non-EV certificates by virtue of the discussions of certificate lifetimes - lead to some CAs being confused about what was expected for these other types.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">This does not provide a timeline for when it will be required for DV/OV, because as I've expressed in every meeting since we've begin deploying CT, we are still proceeding slowly in order to allow CAs, log operators, monitors, and browsers necessary time to gain experience with deploying and interacting with CT in a meaningful and scalable way. However, that said, we welcome any and all CAs to comply with this policy (precertificates in particular) as a means of avoiding any potential issues or delays in deploying CT for when that timeline is finalized and announced, and to the benefit of your customers and the PKI ecosystem.</div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px">Note that there are clear benefits for your users and customers, even absent a Chrome requirement, as evidenced by posts such as <a href="https://www.facebook.com/notes/protect-the-graph/early-impacts-of-certificate-transparency/1709731569266987/">https://www.facebook.com/notes/protect-the-graph/early-impacts-of-certificate-transparency/1709731569266987/</a></div><div style="font-size:12.8px"><br></div><div style="font-size:12.8px"><br></div></div>