On 2014-03-05 01:21, Kathleen Wilson wrote:
On 3/4/14, 4:00 PM, moun...@paygate.net wrote:
as my understanding,
one of LCAs of KISA was audited by WebTrust regulations.
CrossCert, they have partnership with Verisign
and also they are LCA of KISA.
I think, at least one of LCAs is enough to be included into Mozilla
Root Repository.
That is interesting. If one of the LCAs gets a WebTrust audit, then it
would stand to reason that the rest of them could get WebTrust audits too.
So it's my understanding that KISA is required to audit them, because
they are licensed, but that nothing stops them from getting an
additional audit for which we are sure that they are checked to be
complying with the requirements we have.
So unless KISA can guarantee that they do an audit to check compliance
with the requirements I suggest the LCAs apply directly instead.
Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy