This is a common way for all CAs that issued many intermediate CAs for their resellers.

Best Regards,

Richard

-----Original Message-----
From: dev-security-policy [mailto:[email protected]] On Behalf Of Ryan Sleevi
Sent: Wednesday, November 23, 2016 7:35 AM
To: Patrick Figel <[email protected]>
Cc: Tobias Sachs <[email protected]>; [email protected]
Subject: Re: WoSign has new roots?

On Tue, Nov 22, 2016 at 3:30 PM, Patrick Figel <[email protected]> wrote:
> I'm a bit unclear on whether WoSign could be acting as a Registration
> Authority for certificates issued under that intermediate and what the
> auditing and disclose requirements for that would be - maybe someone
> more familiar with the BRs can comment. WoSign acting as a RA prior to
> finishing the re-application process would be troubling given their previous
> failures in that area.

Whether or not it's intentional, as practiced by auditors today, it's an open field with vastly inconsistent standards or expectations as to whether they are scoped in the audit.

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

