Korea has e-signature Act, Decree and Ordinance. E-Signature act also contains several administration rules and one of administration rules is a ‘guideline for CPS’. Root CA/Sub-CAs controlled by government has to follow the 'guideline for CPS' when build or revise its CPS.
So, structure of contents in CPS is different from RFC 3647, however, all contents required by RFC 3647 are contained. Minyoun 2015년 10월 23일 금요일 오전 10시 24분 59초 UTC+9, Moudrick M. Dadashov 님의 말: > eIDAS is becoming the only common Law on e-signatures (for the EU) and > I'm not aware of any regulation on mandatory CP/CPS structures. > > Thanks, > M.D. > > > On 10/22/2015 8:56 PM, Richard Barnes wrote: > > On Thu, Oct 22, 2015 at 1:42 PM, Kathleen Wilson <[email protected]> > > wrote: > > > >> All, > >> > >> In section 2.2 of version 1.3 of the CA/Browser Forum's Baseline > >> Requirements, it says: > >> > >> "The disclosures MUST include all the material required by RFC 2527 or RFC > >> 3647, and MUST be structured in accordance with either RFC 2527 or RFC > >> 3647." > >> > >> Some government CAs are bound by local e-signature laws that include a > >> guideline for the structure of the CPS, which is not in line with RFC 3647. > >> > > E-signature seems like a different application from HTTPS. Are they really > > using the same CA for both? (That seems like a bad idea.) Or do these > > e-signature laws somehow also impinge on web certificates? > > > > --Richard > > > > > >> Would it be reasonable to allow an exception to this rule (structure CPS > >> according to RFC 36437)for government (non-commercial) CAs that are bound > >> by local law to use a different structure for their CPS? > >> > >> Would such an exception require that the the CA hierarchy be bound to > >> certain TLDs (e.g. country-specific, .gov)? > >> > >> Kathleen > >> > >> _______________________________________________ > >> dev-security-policy mailing list > >> [email protected] > >> https://lists.mozilla.org/listinfo/dev-security-policy > >> > > _______________________________________________ > > dev-security-policy mailing list > > [email protected] > > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
