On 3/31/14, 8:27 PM, Man Ho (Certizen) wrote:
Hi All,
In this discussion of KISA CA, it seems to conclude that KISA root
certificate should not be included in Mozilla trust list AND the
subordinate CAs should apply for inclusion themselves. On the other
hand, in the discussion regarding "Super CA", Mozilla seems to accept
inclusion of "Super CA" by saying that their subordinate CAs must apply
for inclusion of their own certificate until certain criteria are satisfied.
It is very confusing what position Mozilla will take. Does the
subordinate CAs required to apply for inclusion themselves? It looks
like that KISA CA is by definition also a "Super CA", isn't it?
regards
Man
You are correct. I wrote my response to this before I drafted the new
proposed text for Super CAs.
I agree with you, that the best approach will be to finalize the Super
CA text, and then apply that to the KISA CA.
Thanks,
Kathleen
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
