Comment 90 for bug 310999

> Specifically: How many RAs do remain?

I haven't ever required CAs to publicly disclose the number of RAs that they have.

> I still think that any RA must run through the same audit as the CA itself,
> given that the RA performs one of the two core functions of the CA
> ( a) validation and b) signing).
>
> I'd like all that to be formal and binding, in the policy documents. Which
> checks Comodo itself performs, which diligence. If there are any RAs, which
> requirements they have to meet, and how these are enforced.

In regards to RAs and Resellers the CP/CPS should include information about the procedures they are required to follow and how that is enforced and audited. I think that these questions about RA requirements and enforcement/auditing are reasonable questions to ask and have answered by the CA.