On Sat, Feb 25, 2017 at 11:22:18AM -0800, Roland Bracewell Shoemaker via dev-security-policy wrote: > It appears GlobalSign has issued an EV certificate containing dNSNames > which include spaces which are non-valid DNS characters. This is a > violation of CABF Baseline Regulations Sections 7.1.4.2.1. and > presumably 3.2.2.4. since there is no way to confirm control of a > non-valid DNS name.
While this is certainly an extremely facepalm-worthy issuance, it's almost certainly not a DCV failure, because the domain for which control was validated is almost certainly the eTLD+1 (`vietnamairlines.com`), and not the FQDN in the sAN. Still... oy gevalt. Also, `cablint` already picks this up (https://crt.sh/?id=10570720&opt=cablint), so yeah... - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy