Last I checked there definitively were some code signing certificates
basically issued under the terms of "If the credit card check comes
back OK, issue it". It's a little while ago thought.
But really. It's *hard* to do better than that, better than "Send us
by fax our doctored ID so that we check if you pass the bar of having
minimal photoshop skills".
No CA has been admitted to NSS during the last 2+ years based on such a
policy and have the code signing bit turned on. Your assumption above is
wrong, but if you have any knowledge please share it with us :-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security