On Sat, Feb 4, 2017 at 3:10 AM, Gervase Markham <[email protected]> wrote: > > 4) Is there any reliable programmatic way of determining, looking only > at the contents of the certificate or certificate chain, that a > certificate was issued by CrossCert personnel using their processes, as > opposed to by Symantec personnel or by another RA? > > We look forward to hearing the answers to these questions and further > updates on the situation with CrossCert.
Gerv, as the information Steve shared about their other RAs show, their issues with RAs are not limited to CrossCert, unfortunately. Check out the rest of the details included. Steve: Given the many issues very clear from CrossCert's CP/CPS, and the many audit issues disclosed in CertSuperior's report, I'd like to request that you also disclose the CP/CPS for these CAs. For example, CertiSign's CP/CPS is not immediately obvious to me as to what Symantec was relying on EY to audit. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
