On Fri, 5 May 2017 17:18:38 +0100
Gervase Markham via dev-security-policy
<dev-security-policy@lists.mozilla.org> wrote:

> On 05/05/17 17:09, Peter Bowen wrote:
> > We know that the RAs could use different certificate profiles, as
> > certificates they approved had varying issuers, and "Issuer DN" has
> > the same "No(1)" that CP has in the table in the doc you linked.  I
> > don't see any indication of what profiles each RA was allowed to
> > use. It could be that Symantec provided one or more profiles to the
> > RA that contained EV OIDs.
> So the question to Symantec is: "did any of the RAs in your program
> have EV issuance capability? If not, given that they had issuance
> capability from intermediates which chained up to EV-enabled roots,
> what technical controls prevented them from having this capability?"
> Is that right?

It may be useful to note that Certsuperior, Certisur, Certisign, and
Crosscert were all advertising EV certificates on their websites at
some point in 2016:





dev-security-policy mailing list

Reply via email to