Section 1.3: User certificates can be used to authenticate a person to relying sites that have agreed to accept cert\
ificates

from the AIST GRID CA. => KISTI GRID CA

Section 2.7: How long may the KISTI GRID CA be audited by others? And Does the KISTI GRID CA support operational aud\
its?

Section 3.1.4: Who are in charge of ensuring the uniqueness of DN?

Section 3.1.9: How does the KISTI GRID CA authenticate Host/Service adminstrator's identity ?

Section 4.1: How does the RA communicate the CA with secure methods?

Section 4.2: Is the message sent to the person plaintext email?

Section 4.3: How does the user/host administrator accept the certificates?

Section 4.4.1: I think if one leaves the organization, then we should revoke his/her certificate.
  Also, if system has been retired, then we should revoke the host/service certificate.

Section 4.6.1: I think the operators' operation log will be kept.
      And also, documents,system log, etc. may be kept.

Other comments: How many staff in KISTI are involved in the CA's operation? And how do they sperate on duty?



Section 7.1.2: I think you need to add the extendedKeyUsage field in the end entities' certificate extension.


Section 8: I think you need to add more descriptions about the sepecification adminstration, such as
  how to approve the CPS? how and when to publish the documents? etc.