On 03/04/2014 09:38 PM, From Kathleen Wilson:
My personal preference is to proceed with the process to approve/include the KISA root under the condition that Mozilla would constrain the CA hierarchy to *.kr. However, KISA does not want to constrain their CA hierarchy to *.kr. I have also suggested that KISA have each subCA apply for inclusion as separate trust anchors, but KISA does not want to take that approach either.

I think the BR and Mozilla's own policy have set the proper requirements defined for any CA operating under another CA (root). This should apply here too, which excludes the CA performing a (self) audit for the subordinate CAs, for example.

In respect to limiting issuance to a TLD, Mozilla might have to set a criterion for it first. Being a national (local) CA could be such a criterion.

--
Regards

Signer:  Eddy Nigg, StartCom Ltd.
XMPP:    [email protected]
Blog:    http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
