On Nov 16, 2013, at 8:00 PM, Phillip Hallam-Baker <hallam@xxxxxxxxx> wrote: > If you are interested in the technical criteria for running a public CA then go look at the Basic Requirements on the CABForum Web site and they will answer all the hypotheticals you raise above. ... but only for organizations that have joined the CABForum and abide by its guidelines, which is a subset of the CAs trusted by the browsers. As far as I can tell from the public CABForum web site, a member CA not following the guidelines would not necessarily be thrown out of the group (but I would be happy to be mistaken about that). --Paul Hoffman