On Tuesday, March 11, 2014 at 8:06:55 AM UTC+9, Eddy Nigg wrote:
> On 03/07/2014 07:10 AM, From spark0...@gmail.com:
> > > According to Mozilla's definition of independent party, KISA is
> > > independent organization from Sub-CAs (not employees nor director)
> >
> > The minute a CA signs a certificate of/for another CA, it's not
> > independent at all. In fact a tight relationship exists between the two
> > parties and a CA can't audit another CA. For this the BR sets forth a
> > requirement for an independent audit by a (different) auditing firm than
> > the CA signer/issuer, in order to avoid any conflict of interests.

This might be a normal case for CA and Sub-CA in the business and that's why I am mentioning the Korea Electronic Signature Act. I do understand why BR is requesting for 'independency' of the auditor, but because KISA is designated by law to audit the accredited CAs, our relationship is clear (no corruption or mis-audit can happen). It is between the auditor and auditee. We also do not have any conflict of interest between KISA and Sub-CAs because we do not make any profit from the sub-CAs.

> >
> > --
> > Regards
> >
> > Signer: Eddy Nigg, StartCom Ltd.
> > XMPP: start...@startcom.org
> > Blog: http://blog.startcom.org/
> > Twitter: http://twitter.com/eddy_nigg

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy