Some of these certs are really old.  Is there a reason people were using double 
dot names? Are they all mistakes in the certificate request or is there some 
logic behind them?

-----Original Message-----
From: dev-security-policy 
[mailto:dev-security-policy-bounces+jeremy.rowley=digicert....@lists.mozilla.org]
 On Behalf Of Tom via dev-security-policy
Sent: Tuesday, July 18, 2017 12:17 PM
To: Hanno Böck <ha...@hboeck.de>; mozilla-dev-security-pol...@lists.mozilla.org
Subject: Re: Certificate with invalid dnsName issued from Baltimore intermediate


The "www..*" search is also interesting, I think:
https://crt.sh/?dNSName=www..%25

crt.sh ID  Logged At   Not Before  Identity                         Issuer Name
39744873   2016-10-02  2012-12-29  www..coinfling.com
38647998   2016-10-01  2011-03-24  www..altmangroup.com
37532439   2016-10-01  2014-05-02  www..edm.me
35234108   2016-09-26  2013-12-09  www..erhgroup.com.tw
33710552   2016-09-22  2009-08-04  www..webmail.collegeofidaho.edu
33278853   2016-09-20  2013-03-26  www..labpro2000.com
32918004   2016-09-19  2013-04-30  www..getswapapp.com
22835635   2016-06-22  2016-06-20  www..tapspace.org
9999623    2015-10-07  2015-09-23  www..imypaths.com
8584525    2015-07-24  2015-07-22  www..myacademicprogram.in
8431374    2015-07-13  2015-07-06  www..marza.com.br
8216255    2015-06-28  2015-06-25  www..mysummitortho.com
4327936    2014-06-14  2014-06-12  www..mysummitortho.com
4303228    2014-06-10  2008-12-03  www..wildlifelicense.com
3956875    2014-04-25  2014-04-23  www..mysummitortho.com
2728659    2013-09-28  2013-09-25  www..marza.com.br
637932     2013-03-26  2012-10-21  www..guidedstudies.com
85797      2013-03-26  2012-07-01  www..mysummitortho.com


On 18/07/2017 at 17:57, Hanno Böck wrote:
> More dotdot-certificates:
> 
> https://crt.sh/?id=34528113
> for autodiscover.amphenolcanada..com
> Expired 2012
> issued by Geotrust (aka symantec)
> 
> https://crt.sh/?id=3478078
> for PDC-LIB-WEB1.RBI1.rbi..in
> Expired 2016
> issued by Institute for Development and Research in Banking Technology
> 
> https://crt.sh/?id=4112846
> pkictslvws.dmdc.osd..mil
> expired 2016
> issued by U.S. Government
> 
> So all expired, but certainly at least the ones from 2016 are 
> worrying, indicating that the issuing CAs are failing at domain validation.
> 
> (Due to limitations in the search methodology - scraping crt.sh search 
> results and looping through tlds - I only searched for ..tld. It would 
> certainly be valuable to search further.)
> 

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
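
The defect common to the names in this thread is an empty DNS label. The following is an added example, not part of the thread and not any CA's code: a Python check of the kind a pre-issuance lint could run on each requested dNSName. The function names and the two well-formed sample names are assumptions made for illustration.

```python
import re

# One label in preferred name syntax (RFC 1034 sec. 3.5, relaxed by RFC 1123):
# letters, digits and hyphen only, 1-63 octets, no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def lint_dns_name(name):
    """Return a list of problems in one dNSName value (empty list = well formed)."""
    if not name:
        return ["empty name"]
    problems = []
    if len(name) > 253:
        problems.append("name longer than 253 octets")
    for pos, label in enumerate(name.split(".")):
        if label == "":
            # Produced by "..", and also by a leading or trailing dot.
            problems.append(f"empty label at position {pos}")
        elif label == "*":
            # A wildcard is only meaningful as the complete leftmost label.
            if pos != 0:
                problems.append(f"wildcard outside leftmost label (position {pos})")
        elif not LABEL_RE.fullmatch(label):
            problems.append(f"invalid label {label!r} at position {pos}")
    return problems


def lint_all(names):
    """Map each malformed name to its problems; well-formed names are omitted."""
    report = {}
    for name in names:
        problems = lint_dns_name(name)
        if problems:
            report[name] = problems
    return report


# Names quoted in the thread, plus two well-formed names constructed for contrast.
SAMPLES = [
    "www..coinfling.com",
    "autodiscover.amphenolcanada..com",
    "PDC-LIB-WEB1.RBI1.rbi..in",
    "pkictslvws.dmdc.osd..mil",
    "www.example.com",    # constructed
    "*.example.com",      # constructed
]

if __name__ == "__main__":
    for name, problems in lint_all(SAMPLES).items():
        print(f"REJECT {name}: {'; '.join(problems)}")
```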
