We are willing to prove that KISA audit criteria fulfills the Mozilla's requirements and CA browser forum requirement. And also to confirm the comparison by a third-party audit practitioner(such as Deloitte).
If what KISA audits fulfills the requirements, would that be all? 2014년 4월 2일 수요일 오전 1시 10분 59초 UTC+9, Kurt Roeckx 님의 말: > On Tue, Apr 01, 2014 at 11:27:53AM +0800, Man Ho (Certizen) wrote: > > > Hi All, > > > > > > In this discussion of KISA CA, it seems to conclude that KISA root > > > certificate should not be included in Mozilla trust list AND the > > > subordinate CAs should apply for inclusion themselves. On the other > > > hand, in the discussion regarding "Super CA", Mozilla seems to accept > > > inclusion of "Super CA" by saying that their subordinate CAs must apply > > > for inclusion of their own certificate until certain criteria are satisfied. > > > > > > It is very confusing what position Mozilla will take. Does the > > > subordinate CAs required to apply for inclusion themselves? It looks > > > like that KISA CA is by definition also a "Super CA", isn't it? > > > > It looks to me that after repeated request for more information, > > KISA has failed to meet the requirements as discussed in the Super > > CA thread, and so the LCAs should apply themself. > > > > > > Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
