MozillaWiki

CA/Visa Issues: Difference between revisions

Page Discussion

CA/Visa Issues (view source)

Revision as of 21:00, 4 September 2018

3 bytes added ,  4 September 2018
Ad quotes to issue E
(Remove reference)
(Ad quotes to issue E)
Line 72: Line 72:
Visa’s original BR PITRA describes the following deficiency:
Visa’s original BR PITRA describes the following deficiency:


Visa has a detailed corporate onboarding process for new clients who may ultimately require publicly trusted SSL certificates to do business with VISA. However, it was noted that the VISA CA’s vetting procedures do not specifically address the referenced WTBR criteria at the time of certificate issuance for verification of the O, OU, L, C attributes. It was also noted that the
"Visa has a detailed corporate onboarding process for new clients who may ultimately require publicly trusted SSL certificates to do business with VISA. However, it was noted that the VISA CA’s vetting procedures do not specifically address the referenced WTBR criteria at the time of certificate issuance for verification of the O, OU, L, C attributes. It was also noted that the
VISA CA uses an internal system (VISA Profiler) to verify client organization and individual information, but there is no process in place to validate that information by using a third-party database considered a Reliable Data Source or attestation letters.
VISA CA uses an internal system (VISA Profiler) to verify client organization and individual information, but there is no process in place to validate that information by using a third-party database considered a Reliable Data Source or attestation letters."


This issue is not present on Visa’s more recent BR audits.
This issue is not present on Visa’s more recent BR audits.
Wthayer
136

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1200535"