April 2017 CA Communication

ACTION 9: REGISTRATION AUTHORITIES

Does your CA have any third-party Registration Authorities (RA)s that your CA relies on to perform the domain validation as required under Section 3.2.2.4 of the CA/Browser Forum's Baseline Requirements? If so, please tell us about the program, including:
* How many companies are involved
* What measures you have in place to ensure this work is done to an appropriate standard

CA Owner Response
AC Camerfirma, S.A. Not Applicable. AC Camerfirma always performs the domain validation process.
Actalis We have no RA contracts, so far.
Amazon Trust Services Not Applicable
Asseco Data Systems S.A. (previously Unizeto Certum) Not Applicable
Autoridad de Certificacion Firmaprofesional Not Applicable
Buypass Not Applicable.
Certicámara Not Applicable
Certinomis / Docapost Not Applicable
China Financial Certification Authority (CFCA) "Not Applicable". CFCA does not have a third-party RA for public-trustworthy Roots that are included in Mozilla or other Root stores.
Chunghwa Telecom No, we don't have any third-party Registration Authorities that our CA relies on to perform the domain validation as required under section 3.2.4 of the CABF BR.
ComSign Not Applicable
Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) Not Applicable
Cybertrust Japan / JCSI Not Applicable
D-TRUST Not Applicable
Deutscher Sparkassen Verlag GmbH (S-TRUST, DSV-Gruppe) Not Applicable
Dhimyotis / Certigna Third parties participate for short controls (face to face, collection of requests) but each certificate request is controlled and validated by DHIMYOTIS' internal RA.
DigiCert Not Applicable
Disig, a.s. Not Applicable
DocuSign (OpenTrust/Keynectis) If you do not have RAs who are capable of issuing TLS/SSL certificates for which only they have validated domain control, write "Not Applicable". We have one third party RA. This RA is audited by our internal compliance team and by a Qualified Auditor.
E-Tugra Not Applicable
EDICOM Not Applicable
Entrust Not Applicable
Global Digital Cybersecurity Authority Co., Ltd. (Formerly Guang Dong Certificate Authority (GDCA)) Not Applicable.
GlobalSign Not Applicable
GoDaddy Not Applicable
Google Trust Services LLC (GTS) Not Applicable
Government of Hong Kong (SAR), Hongkong Post, Certizen Not Applicable
Government of Japan, Ministry of Internal Affairs and Communications If you do not have RAs who are capable of issuing TLS/SSL certificates for which only they have validated domain control, write "Not Applicable". Not Applicable
Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) Not Applicable.
Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) Not Applicable
Government of Taiwan, Government Root Certification Authority (GRCA) No, we don't have any third-party Registration Authorities that our CA relies on to perform the domain validation as required under section 3.2.4 of the CABF BR.
Government of The Netherlands, PKIoverheid (Logius) Not Applicable
Government of Turkey, Kamu Sertifikasyon Merkezi (Kamu SM) Our CA does not have a third-party RA.
HARICA Not Applicable
IdenTrust Services, LLC IdenTrust does not currently have third-party RAs. However, IdenTrust product line includes the possibility of third-party RAs though. IdenTrust requires the following for RAs: * Signature of legal agreement * Documentation of practices in RPS, which is approved by PMA * Annual audit modeled after the WebTrust for CAs. IdenTrust believes that the possibility of RAs should be maintained but requiring specific controls and having Mozilla (or CAB Forum) specify more granular controls (e.g. WebTrust for RAs)
Internet Security Research Group (ISRG) Not Applicable
Izenpe S.A. Not Applicable
Krajowa Izba Rozliczeniowa S.A. (KIR) Not Applicable
LuxTrust "Not Applicable".
Microsec Ltd. "Not Applicable"
NetLock Ltd. Not Applicable
PROCERT WE DON'T HAVE EXTERNAL RA
QuoVadis Not Applicable
SECOM Trust Systems CO., LTD. Not Applicable
SK ID Solutions AS Not Applicable
Sectigo Not Applicable
SecureTrust Not Applicable
Start Commercial (StartCom) Ltd. Not Applicable
SwissSign AG Not Applicable
Swisscom (Switzerland) Ltd "Not Applicable"
Symantec Not Applicable. No new TLS certificate validation is done by RAs. In the case of CertSuperior, Certisign, and Certisur, previous validation work may be re-used subject to section 4.2.1 of the Baseline Requirements. Symantec personnel are completing a 100% review of the authentication work performed by these RAs that includes confirming that the domain validation was correctly completed and used only methods currently permitted under section 3.2.2.4 of version 1.4.4 of the Baseline Requirements.
T-Systems International GmbH (Deutsche Telekom) We use about 90 third-party Registration Authorities (RA)s in one of our services (Shared-Business CA). These external RAs are restricted by the internally operated Registration Authority (RA).
Taiwan-CA Inc. (TWCA) "Not Applicable"
Telia Company (formerly TeliaSonera) Not Applicable
Trustis Not applicable
TurkTrust "Not Applicable".
Visa Not Applicable
WISeKey Not Applicable
Web.com Not Applicable
WoSign CA Limited Not applicable
certSIGN Not Applicable.