The point is that "misissuance" of example.com is harmless as they are reserved by IANA. ________________________________________ From: dev-security-policy <dev-security-policy-bounces+yuhongbao_386=hotmail....@lists.mozilla.org> on behalf of Matthew Hardeman via dev-security-policy <dev-security-policy@lists.mozilla.org> Sent: Wednesday, May 31, 2017 10:08:10 AM To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: StartCom issuing bogus certificates
On Wednesday, May 31, 2017 at 12:04:51 PM UTC-5, Yuhong Bao wrote: > It would be better to use example.com and not test.com or anything like that, > as that is defined by IANA as a reserved domain. No, it is necessary to respect the baseline requirements in issuing from "real" trusted or to-be-trusted systems. CAs have gotten in trouble / are in trouble for mis-issuances including example.com quite recently. If a dnsName needs to be included in your test certificate, register a domain owned by the CA for testing purposes. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy