On Wed, Dec 9, 2015 at 9:35 AM, Matthias Hunstock <no-s...@ple4se.org> wrote: > Am 17.11.2015 um 09:04 schrieb Peter Bowen: > >> There are a couple of rules that may create false positives, so please >> don't assume every certificate on the sheet is problematic. > > Is it possible that your script doesn't handle IPv6 addresses properly?
It should handle IPv6 addresses correctly when they are presented in the SAN using the IPAddress type. It would currently flag IPv6 addresses in the common name as issues, but I did a manual check and found no certificates with IPv6 addresses in the common name. Do you have an example where you think IPv6 addresses are not being handled correctly? Thanks, Peter _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy