On 27/10/2015 8:55 AM, [email protected] wrote:
> Korea has an e-signature Act, Decree and Ordinance. The E-Signature Act also
> contains several administration rules, and one of the administration rules is
> a 'guideline for CPS'. Root CA/Sub-CAs controlled by the government have to
> follow the 'guideline for CPS' when building or revising their CPS.
> So, the structure of contents in the CPS is different from RFC 3647; however,
> all contents required by RFC 3647 are contained.
> Minyoun
Section 9.16.3 (Severability) of the CA/B Forum BR mentions that:
"If a court or government body with jurisdiction over the activities
covered by these Requirements determines that the performance of any
mandatory requirement is illegal, then such requirement is considered
reformed to the minimum extent necessary to make the requirement valid
and legal. This applies only to operations or certificate issuances
that are subject to the laws of that jurisdiction. The parties involved
SHALL notify the CA / Browser Forum of the facts, circumstances, and
law(s) involved, so that the CA/Browser Forum may revise these
Requirements accordingly".
If you consider that the BR is somehow "incompatible" with local law so
that if you were to be compatible with the BR you would be illegal in
your country, then you might want to notify the CA/B Forum accordingly.
IMO, RFC 3647 is a structure for every PKI whether it is regulated by
local law, the CA/B Forum or private company rules. The RFC 3647 structure
is more commonly used, so this makes it easier for others to
compare/audit/monitor PKI policies.
Best regards,
Dimitris Zacharopoulos.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy