Nelson B Bolyard wrote: > But I believe we have already decided, in principle, to approve certs for > CAs that are subordinate to some root that is not approved, when the > subordinate CA meets the criteria, but the root does not.
Yes, I recall this discussion. However in the KISA case my opinion is that KISA itself does meet our policy requirements (assuming that my remaining concern about the MIC audit gets addressed). I think the Korean situation is different from the Austrian one because KISA doesn't indiscriminately create subordinates, rather the LCAs subordinate to KISA are subject to regulatory constraints imposed by the government (including regulations mandating verification requirements, etc.) and are subject to oversight by KISA, including audits. Frank -- Frank Hecker [EMAIL PROTECTED] _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto