by tialaramex
3378 days ago
_Some_ major CAs outsource like this. You need this sort of on-the-ground stuff, particularly human employees who can speak the local language and understand local culture, to validate certain subject details; it's not important for the domain validation that most of us care about most of the time. Knowing if the subscriber is really Foo Corp of Shanghai requires local knowledge, but checking that foo-corp-shanghai.example is controlled by the subscriber needs, at the very most, a translated web page of instructions which you can out-source.

It is likely Mozilla policy (or the BRs) will forbid letting the local RA do the domain validation. So, a future CrossCert could lie about whether their subscriber is really Foo Corp, but not about whether they control foo-corp.example.

Oh, and it's not the Big Five any more; one of the Five collapsed in scandal because it happily signed off on Enron's obviously bogus accounts. So now we have a Big Four, until another one blows up. For those taking bets, the RA was audited by a local EY, whereas Symantec are audited by a KPMG.