On Tue, Apr 01, 2014 at 11:27:53AM +0800, Man Ho (Certizen) wrote:
Hi All,
In this discussion of KISA CA, it seems to conclude that KISA root
certificate should not be included in Mozilla trust list AND the
subordinate CAs should apply for inclusion themselves. On the other
hand, in the
On 3/31/14, 8:27 PM, Man Ho (Certizen) wrote:
Hi All,
In this discussion of KISA CA, it seems to conclude that KISA root
certificate should not be included in Mozilla trust list AND the
subordinate CAs should apply for inclusion themselves. On the other
hand, in the discussion regarding Super
Hi All,
In this discussion of KISA CA, it seems to conclude that KISA root
certificate should not be included in Mozilla trust list AND the
subordinate CAs should apply for inclusion themselves. On the other
hand, in the discussion regarding Super CA, Mozilla seems to accept
inclusion of Super CA
Sent: 10 March 2014 23:07
To: mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Seeking guidance on proceeding with KISA root inclusion
request
On 03/07/2014 07:10 AM, From spark0...@gmail.com:
According to Mozilla's definition of independent party, KISA is
independent organization
They way I see it there are basically 2 cases:
1) The root CA and the other CAs are not related. Those other CAs are
*not* Sub-CAs, they are CAs on their own and are independent of
the root CA.
2) The root CA and *all* Sub-CAs are the same organization.
What I see here being argued is
On 03/07/2014 07:10 AM, From spark0...@gmail.com:
According to Mozilla's definition of independent party, KISA is
independent organization from Sub-CAs(not employees nor director)
The minute a CA signs a certificate of/for another CA, it's not
independent at all. In fact a tight relationship
2014년 3월 11일 화요일 오전 8시 6분 55초 UTC+9, Eddy Nigg 님의 말:
On 03/07/2014 07:10 AM, From spark0...@gmail.com:
According to Mozilla's definition of independent party, KISA is
independent organization from Sub-CAs(not employees nor director)
The minute a CA signs a certificate of/for
On 3/10/14, 6:58 PM, spark0...@gmail.com wrote:
This might be a normal case for CA and Sub-CA in the business and that's why
I am mentioning Korea Electronic Signature Act.
I do understand why BR is requesting for 'independency' of the auditor, but
because KISA is designated by law to audit
Let me start with the Webtrust audit the Crosscert got.
The Webtrust audit Crosscert received is for the Verisign service they are
offering.
For your information, Crosscert is also a sub-CA of Verisign. However, two
systems(KISA and Verisign) are seperately operated and the audit does not cover
Dear Samuel,
What is important for us is that both KISA and all it's SubCAs comply
with the CA/Browser baseline requirements. Please see
https://cabforum.org/baseline-requirements/
Can you confirm that there is an audit that checks those requirements?
Or confirm that there is no such
Bonjour Samuel,
Le jeudi 6 mars 2014 10:37:30 UTC+1, spar...@gmail.com a écrit :
Let me start with the Webtrust audit the Crosscert got.
The Webtrust audit Crosscert received is for the Verisign service they are
offering.
For your information, Crosscert is also a sub-CA of Verisign.
Hello,
2014년 3월 6일 목요일 오후 9시 12분 25초 UTC+9, Erwann Abalea 님의 말:
Bonjour Samuel,
Le jeudi 6 mars 2014 10:37:30 UTC+1, spar...@gmail.com a écrit :
Let me start with the Webtrust audit the Crosscert got.
The Webtrust audit Crosscert received is for the Verisign service they are
On 2014-03-05 01:21, Kathleen Wilson wrote:
On 3/4/14, 4:00 PM, moun...@paygate.net wrote:
as my understanding,
one of LCAs of KISA was audited by WebTrust regulations.
CrossCert, they have partnership with Verisign
and also they are LCA of KISA.
I think, at least one of LCAs is enough to be
All,
I will appreciate your input on how to proceed with the KISA root
inclusion request.
My personal preference is to proceed with the process to approve/include
the KISA root under the condition that Mozilla would constrain the CA
hierarchy to *.kr. However, KISA does not want to
So I understand:
- KISA itself operates the South Korean governement CA
- There other CAs in Korea (LCAs), and they are private
organizations that are audited and signed by KISA.
- Those LCAs are not audited to comply with the baseline
requirements, or it's at least not clear they are.
I see
On 3/4/2014 11:38 AM, Kathleen Wilson wrote:
All,
I will appreciate your input on how to proceed with the KISA root
inclusion request.
My personal preference is to proceed with the process to approve/include
the KISA root under the condition that Mozilla would constrain the CA
On 03/04/2014 09:38 PM, From Kathleen Wilson:
My personal preference is to proceed with the process to
approve/include the KISA root under the condition that Mozilla would
constrain the CA hierarchy to *.kr. However, KISA does not want to
constrain their CA hierarchy to *.kr. I have also
On 3/4/14, 4:00 PM, moun...@paygate.net wrote:
as my understanding,
one of LCAs of KISA was audited by WebTrust regulations.
CrossCert, they have partnership with Verisign
and also they are LCA of KISA.
I think, at least one of LCAs is enough to be included into Mozilla Root
Repository.
18 matches
Mail list logo