Frank Hecker: > Frank Hecker wrote: > >> Korea Certification Authority Central (KCAC) of the Korean Information >> Security Administration (KISA) has applied to add three root CA >> certificates to the Mozilla root store, as documented in the following bug: >> >> https://bugzilla.mozilla.org/show_bug.cgi?id=335197 >> > <snip> > >> I have evaluated their request, as per the mozilla.org CA certificate >> policy: >> >> http://www.mozilla.org/projects/security/certs/policy/ >> >> and plan to approve this request in two weeks time. If you have any >> objections, or know of facts which might influence this decision, please >> make them known before then. >> > > Just to provide an update on this, since the public comment period ended > some time ago. As far as I can determine, the only remaining issue > holding up approval of this request is confirming that the MIC audit of > KISA was/is acceptable. My basic strategy to do that has been to get > confirmation that the audit covered all the points addressed by the > WebTrust for CAs criteria. See the bug for more info. > > I think the question raised with that CA was also, if the audit covers the whole CA infrastructure, i.e. all different independent CAs operating under the KISA root. If I remember right, the CPS has no provision in that respect and the audit covers only KISA's operations itself.
If we would apply Microsoft's new criteria (not that this matters for us really) of having the audit covering the full CA infrastructure, this one wouldn't go through. I have raised the same issue during the short discussion of this inclusion request as a potential obstacle and I'm fairly sure that the issuing CAs are NOT audited. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
