Agreed - the license to use the domain granted by IANA is only for inclusion in documents (https://www.iana.org/domains/reserved). There isn't a license to use the domain for testing or any other purposes.
-----Original Message----- From: dev-security-policy [mailto:dev-security-policy-bounces+jeremy.rowley=digicert.com@lists.mozilla .org] On Behalf Of Kurt Roeckx via dev-security-policy Sent: Wednesday, May 31, 2017 11:55 AM To: Yuhong Bao <yuhongbao_...@hotmail.com> Cc: mozilla-dev-security-pol...@lists.mozilla.org; Matthew Hardeman <mharde...@gmail.com> Subject: Re: StartCom issuing bogus certificates On Wed, May 31, 2017 at 05:09:57PM +0000, Yuhong Bao via dev-security-policy wrote: > The point is that "misissuance" of example.com is harmless as they are reserved by IANA. But example.com is a real domain that that even has an https website. The certificate is issued by digicert, and the subject says it's to ICANN. If the certificate is not requested by IANA or ICANN nobody should issue a certificate for it. Kurt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
