On Tue, Nov 22, 2016 at 3:30 PM, Patrick Figel <[email protected]> wrote: > I'm a bit unclear on whether WoSign could be acting as a Registration > Authority > for certificates issued under that intermediate and what the auditing and > disclose requirements for that would be - maybe someone more familiar with > the BRs can comment. WoSign acting as a RA prior to finishing the > re-application > process would be troubling given their previous failures in that area.
Whether or not it's intentional, as practiced by auditors today, it's an open field with vastly inconsistent standards or expectations as to whether they are scoped in the audit. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
