On 13/09/2016 16:56, Peter Bowen wrote:
On Tue, Sep 13, 2016 at 7:53 AM, Ryan Sleevi <r...@sleevi.com> wrote:
We also see a variety of domains using certs from either for purposes that are
ostensibly not relevant to browsers - a frequent dead give-away is a cert for
autodiscover.[example.com] - which is an Exchange AutoConfiguration server not
used by browsers - and mail.[example.com]. I would assert we can be reasonably
confident that critical services should generally not be impacted if such a
cert was not included.
I would be careful reading too much into server names.
mail.[example.com] might host web based email access. For example,
I'm typing this into a site called mail.google.com :)
Also please beware that all/most of the Mozilla certificate trust and
checking code is also used in Mozilla's mail client Thunderbird, to
check certificates for IMAP, POP and SMTP servers.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
