Dear Sleevi First of all, I appreciate your detailed opinios and suggestions
In terms of option B (application to only be for that of your SSL/website CA rather than your root CA) All CAs in CA hierarchy (including Root CA) has to follow a government law. So, it's not easy to adapt option B in this case In terms of option A (Mozilla accepts local laws), I understood what you mentioned about downsides and burden of work on th Mozilla user community to review. If Root CA provides a mapping table between RFC3647 and current CPS for more easy review whether current CPS comply with the contents of RFC3647 or not, do you think is it acceptable? Mapping table (for example) might be shown like below: --------------------------------------------------------- RFC 3647 | Current CPS | Remark ---------------------------------------------------------- 1. Introduction | 2. Introduction | ---------------------------------------------------------- 1.1. Background | 2.1 Overview | --------------------------------------------------------- ....... ....... In this case, all contents required by RFC3647 should be contained in current CPS. only structure is different from RFC3647. So, Root CA provides a mapping talbe for easy review. I appreciate it again, and also expect your opinion against my suggestion. Thanks Minyoun _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
