> It seems to me that they should have a number of enterprise signing certs for each use case such as internal beta, external beta, internal utility, external utility, whatever.
For actual enterprise users you probably have a distribution profile set up and are pushing them out anyway. For outside users, they would selectively install the cert for the app they use one by one. Anyway it still strikes me as poor operational practices whether or not they were going to do anything nefarious.
Then you need each user to install each cert.