1763469 - Requesting CCADB have the ability to show diffs between policy documents

Status: NEW

(CA Program :: Common CA Database, task)

Description

[Rebecca Kelley]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15

Expected results:

The objective of this enhancement request is to ask for CCADB not only to be a limited repository for CPSs (present and historical), but also provided a relatively reliable way to view differentials between CPS versions as they are updated. Web Browsers review and analyze Certification Authority (CA) CPS and CP documentation annually, or when a new CA applies to join a root program, but CPS and CP documentation may be updated far more frequently. The ability to see a diff between policy documents annually will make it easier for web browsers to see the changes that each CA is making, and verifying the CA is staying current with changing industry standards, maintaining practices agreed upon with Root Programs, and appropriately managing these key policy documents.

One example of how this might look/feel is in the Mozilla Wiki, where there is a “View History” option, which then lists all previous versions of the page being viewed with radio toggles next to each one, and a “Compare selected revisions” button above the list. This isn’t likely a UX that’s directly applicable to this request as the CP/CPS documents in CCADB are uploaded files, rather than text stored in a content management system or wiki engine, but the general goal is the same.

CCADB already has an archive set in place, which mainly contains annual audits from each CA. If CCADB could expand upon their archive to house at least a couple of years worth of policies that have been either updated or revised for standards, this would assist all web browsers in managing their CAs accurately. In reality, it would be best if we had a complete history of CP/CPS documents alongside the cradle-to-grave audit history that has become standard in the Web PKI, however that goal is orthogonal to that described here of supporting an ability to compare 2 specific versions of the same CP/CPS document in order to quickly and easily identify the changes between them.