On 3/10/14, 6:58 PM, spark0...@gmail.com wrote: > This might be a normal case for CA and Sub-CA in the business and that's why > I am mentioning Korea Electronic Signature Act. > I do understand why BR is requesting for 'independency' of the auditor, but > because KISA is designated by law to audit the accredited CAs, our > relationship is clear(no corruption or mis-audit can happen). It is between > the auditor and auditee. We also do not have any conflict of interest between > KISA and Sub-CAs because we do not make any profit from the sub-CAs.
The reasoning here is that there should be no ongoing financial relationship causing a conflict of interest, I believe. Al -- Program Manager Firefox Platform Security Team
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy