On 22/04/17 02:23, Matt Palmer wrote: > Didn't a CA get caught fairly recently issuing certs with sAN:example.com > when the validation was for www.example.com, and got a stern talking to as a > result? I vaguely recall something about that, but not with enough detail > to trawl the archives looking for it.
Yes, it was WoSign. https://wiki.mozilla.org/CA:WoSign_Issues#Issue_N:_Additional_Domain_Errors_.28June_2015.29 Bug N1. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy