On 05/05/17 17:09, Peter Bowen wrote:
> We know that the RAs could use different certificate profiles, as
> certificates they approved had varying issuers, and "Issuer DN" has
> the same "No(1)" that CP has in the table in the doc you linked.  I
> don't see any indication of what profiles each RA was allowed to use.
> It could be that Symantec provided one or more profiles to the RA that
> contained EV OIDs.

So the question to Symantec is: "did any of the RAs in your program have
EV issuance capability? If not, given that they had issuance capability
from intermediates which chained up to EV-enabled roots, what technical
controls prevented them from having this capability?" Is that right?


dev-security-policy mailing list

Reply via email to