In order to better comply with the CABforum baseline requirements, the GEANT TCS is dropping the optional feature of prefixing the commonName of eScience Server certificates with the "service/" kerberism. This obsolete feature was introduced as a side-effect of the move to the generic (open science grid inspired) certificate profile, but cannot be maintained in a public trust environment.
The change is reflected in version 2.1 of the CP/CPS, with OID
1.3.6.1.4.1.25178.2.1.2.1
with changes limited to sections 3.3.1 and 7.1.4 (and obviously in the
change log itself in section 1.2).
The new CP/CPS will be posted shortly on the pbulci TCS repository at https://www.terena.org/activities/tcs/repository-g3/