1
edit
CA/Comodo Misissuance Response: Difference between revisions
→Changes to CA Policy
No edit summary |
Sjschultze (talk | contribs) |
||
| Line 37: | Line 37: | ||
* Require that all CAs arrange things so that each RA issues from a different subordinate cert. | * Require that all CAs arrange things so that each RA issues from a different subordinate cert. | ||
* Require that RAs are audited to the same standards as CAs. | * Require that RAs are audited to the same standards as CAs. | ||
* Require that the identity of all RAs and SubCAs be publicly disclosed. | |||
* Require that all RA functions are protected by two-factor authentication and/or IP address restrictions. | * Require that all RA functions are protected by two-factor authentication and/or IP address restrictions. | ||
* Require DNS Name Constraints to a specified number of [http://publicsuffix.org/ Public Suffixes] to be put on any non-leaf certificate the CA issues which it does not control (e.g. subordinate CAs). | * Require DNS Name Constraints to a specified number of [http://publicsuffix.org/ Public Suffixes] to be put on any non-leaf certificate the CA issues which it does not control (e.g. subordinate CAs). | ||