A) Does your CA have an RA program, whereby non-Affiliates of your company perform aspects of certificate validation on your behalf under contract? If so, please tell us about the program, including:
* How many companies are involved * Which of those companies do their own domain ownership validation * What measures you have in place to ensure this work is done to an appropriate standard [JR] This should be limited to SSL certs IMO. With client certs, you're going to get a lot more RAs that likely function under the standard or legal framework defining the certificate type.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
