On Sat, May 16, 2020 at 10:04:24AM -0400, Andrew Ayer via dev-security-policy wrote: > On Sat, 16 May 2020 14:02:42 +0200 > Kurt Roeckx via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > > https://crt.sh/?id=1902422627 > > > > It's a certificate for api.pillowz.kz with the public key of Let's > > Encrypt Authority X1 and X3 CAs. > > > > It's revoked since 2020-01-31, but I couldn't find any incident > > report related to it. > > Hi Kurt, > > It's not obvious what's non-compliant about this certificate - could you > explain? Note that there is no requirement or security need for CAs to > validate proof of possession of a private key.
I was under the impression that there was. But looking at the BRs, 3.2.1 is just empty. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy