The CA/Browser Forum should create a public log of instances where a CA has notified the CA/Browser Forum of conflicts between the Guidelines and local law.
-----Original Message-----
From: dev-security-policy [mailto:[email protected]] On Behalf Of Dimitris Zacharopoulos
Sent: Wednesday, October 28, 2015 3:28 AM
To: [email protected]
Subject: Re: Question: BR requirement about structuring CPS according to RFC 3647

On 27/10/2015 8:55 AM, [email protected] wrote:
> Korea has e-signature Act, Decree and Ordinance. E-Signature act also
> contains several administration rules and one of administration rules is a
> ‘guideline for CPS’. Root CA/Sub-CAs controlled by government has to follow
> the 'guideline for CPS' when build or revise its CPS.
>
> So, structure of contents in CPS is different from RFC 3647, however, all
> contents required by RFC 3647 are contained.
>
> Minyoun

Section 9.16.3 (Severability) of the CA/B Forum BR, mentions that:

"If a court or government body with jurisdiction over the activities covered by these Requirements determines that the performance of any mandatory requirement is illegal, then such requirement is considered reformed to the minimum extent necessary to make the requirement valid and legal. This applies only to operations or certificate issuances that are subject to the laws of that jurisdiction. The parties involved SHALL notify the CA / Browser Forum of the facts, circumstances, and law(s) involved, so that the CA/Browser Forum may revise these Requirements accordingly".

If you consider that the BR is somehow "incompatible" with local law so that if you were to be compatible with the BR you would be illegal in your country, then you might want to notify the CA/B Forum accordingly.

IMO, RFC 3647 is a structure for every PKI whether it is regulated by local law, the CA/B Forum or private company rules. RFC3647 structure is more commonly used so this makes it easier for others to compare/audit/monitor PKI policies.

Best regards,
Dimitris Zacharopoulos.
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy

