Actually, I have been communicating with Kathleen about this issue. Regarding your comments, two separate CAs (for user certificates and for SSL) exist. Actually, the e-signature law doesn't mention SSL directly. However, the Root CA is controlled by the government directly, and the government is likely to comply with the current e-signature law regardless of certificate type.
In this case, the current CPS contains all contents complying with RFC 3647. Only the structure of the contents does not comply with RFC 3647.

Minyoun

On Friday, October 23, 2015 at 2:56:18 AM UTC+9, Richard Barnes wrote:
> On Thu, Oct 22, 2015 at 1:42 PM, Kathleen Wilson <[email protected]>
> wrote:
>
> > All,
> >
> > In section 2.2 of version 1.3 of the CA/Browser Forum's Baseline
> > Requirements, it says:
> >
> > "The disclosures MUST include all the material required by RFC 2527 or RFC
> > 3647, and MUST be structured in accordance with either RFC 2527 or RFC
> > 3647."
> >
> > Some government CAs are bound by local e-signature laws that include a
> > guideline for the structure of the CPS, which is not in line with RFC 3647.
> >
>
> E-signature seems like a different application from HTTPS. Are they really
> using the same CA for both? (That seems like a bad idea.) Or do these
> e-signature laws somehow also impinge on web certificates?
>
> --Richard
>
> > Would it be reasonable to allow an exception to this rule (structure CPS
> > according to RFC 36437) for government (non-commercial) CAs that are bound
> > by local law to use a different structure for their CPS?
> >
> > Would such an exception require that the CA hierarchy be bound to
> > certain TLDs (e.g. country-specific, .gov)?
> >
> > Kathleen
> >
> > _______________________________________________
> > dev-security-policy mailing list
> > [email protected]
> > https://lists.mozilla.org/listinfo/dev-security-policy

