Yes, we tested all browsers, it support IP address. We need to update our PKI system.
Thanks. Best Regards, Richard From: Brian Smith [mailto:br...@briansmith.org] Sent: Thursday, November 19, 2015 9:38 AM To: Richard Wang <rich...@wosign.com> Cc: Peter Bowen <pzbo...@gmail.com>; Rob Stradling <rob.stradl...@comodo.com>; mozilla-dev-security-pol...@lists.mozilla.org; Peter Gutmann <pgut...@cs.auckland.ac.nz> Subject: Re: [FORGED] Name issues in public certificates On Tue, Nov 17, 2015 at 4:40 PM, Richard Wang <rich...@wosign.com <mailto:rich...@wosign.com> > wrote: So WoSign only left IP address issue that we added both IP address and DNS Name since some browser have warning for IP address only in SAN. Put the IP addresses in the SAN as an iPAddress and then also put them in the Subject CN, one CN per IP address. Then all browsers will accept the certs and they will conform to the baseline requirements (IIUC). Note that this is Ryan Sleevi's good idea. Cheers, Brian
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy