I have made a quick review (not in detail) of the KISTI GRID CA's
CP/CPS.
I think you must add more detailed descriptions about your policy and
practices.

Especially, we are interested in certificate's life cycle management
and your CA architecture.
For example, section 4.1 describes
- If the application form is approved, the KISTI GRID CA will inform
the user of the fact that the application form has been approved and
the user can have access to the online certificate request website.
- The user will make a certificate request by an online procedure.

I could have a couple of questions such as
- How do you allow users to access to the online request website?
- How can you make sure that the user connecting to the website is the
  person who has been authorized by the RA?
- How the CSR is sent to the RA/CA?
- Do you use a plain text email to notify the user the certificate
  issuance?
- Who receives the CSR and how?
- How do you copy the CSR to the off-line signing machine?
- How do you implement multi-person control for the access to the CA?

There are some more issues need to be improved, but I will not write
them in this email at this time.