On Tue, Feb 6, 2018 at 10:48 AM, Kurt Roeckx via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:
> On 5/02/2018 17:08, Hanno Böck wrote: > >> https://crt.sh/?id=308392091&opt=ocsp >> > > It has: > Subject: > commonName = ftp.gavdi.pl > countryName = PL > > This looks like a combination that's not allowed. Either it's domain > validated, in which case it should not have a countryName, or it should > contain other fields. > > The BRs actually seem to allow this, which at least looks like a bug in > the BRs to me. It would be very handy that the OIDs from the BRs where used > to indicate which validation was used. > It is allowed, and it's not a bug. It's specifically called out in 3.2.2 of the BRs. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
