This popped up on mozilla.dev.security.policy: http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/7a1c21bc445f8cb9/095cc78cec78a5b7#095cc78cec78a5b7
Comodo came out and said:

"Comodo have not issued subordinate CA certificates to enterprises for the purpose of transparently managing encrypted traffic - or for any other activity contrary to Mozilla's CA policy - although we received (and rejected) a request through normal commercial channels for such sub-CA certificates to be issued."

And GlobalSign the same:

"Over the last couple of years GlobalSign has received several requests from large enterprises who run services such as Websense with a need for this type of CA. We have declined in all cases. We've always recommended for enterprises to create their own internal CA and seed those to their client network."

Although they got called out on "Trusted Root for Inhouse PKI /Certificate Authority" product.

And I put in some relevant quotes from Peter Gutmann and Lucky Green when this came up last time.

-tom
