Account confirmers, Anti-spam team, Confirmed users, Bureaucrats and Sysops emeriti
4,925
edits
CA/Comodo Misissuance Response: Difference between revisions
→Changes to CA Policy
Sjschultze (talk | contribs) |
|||
| Line 39: | Line 39: | ||
* Require that the identity of all RAs and SubCAs be publicly disclosed. | * Require that the identity of all RAs and SubCAs be publicly disclosed. | ||
* Require that all RA functions are protected by two-factor authentication and/or IP address restrictions. | * Require that all RA functions are protected by two-factor authentication and/or IP address restrictions. | ||
* Require that the domain control checks are always done by the CA, never the RA. | |||
* Require DNS Name Constraints to a specified number of [http://publicsuffix.org/ Public Suffixes] to be put on any non-leaf certificate the CA issues which it does not control (e.g. subordinate CAs). | * Require DNS Name Constraints to a specified number of [http://publicsuffix.org/ Public Suffixes] to be put on any non-leaf certificate the CA issues which it does not control (e.g. subordinate CAs). | ||