On Wed, May 31, 2017 at 05:09:57PM +0000, Yuhong Bao via dev-security-policy wrote: > The point is that "misissuance" of example.com is harmless as they are > reserved by IANA.
But example.com is a real domain that that even has an https website. The certificate is issued by digicert, and the subject says it's to ICANN. If the certificate is not requested by IANA or ICANN nobody should issue a certificate for it. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy