On Mon, Mar 25, 2019 at 12:05:44AM -0700, jonathansshn--- via dev-security-policy wrote:
> On Wednesday, February 27, 2019 at 11:28:00 PM UTC+8, michel.le...@gmail.com wrote:
> > I noticed this certificate
> > https://crt.sh/?id=1231965201&opt=cablint,x509lint,zlint that has an
> > invalid domain `mail.xinhua08.con` in SANs. This looks like a typo and
> > `mail.xinhua08.com` is present in other certificates. Such an issue
> > makes me wonder about the quality of their validation.
>
> For the missed input subjectAltname in this case, as Jakob Bohm said, the
> CAA checking action couldn't prevent this from happening perfectly. We
> CFCA checked the production log, and this error is caused by an operator's
> manual input. CFCA had finished system updates which would check TLD in
> common name and subjectAltnames automatically in February 27 update, the
> wrong TLD input will be reported as "invalid TLD " from the system after
> this update. More training had been done to operators.

Which method of domain control validation was used for this name in this certificate?

- Matt
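
An automatic TLD check on the common name and subjectAltNames, of the kind the quoted CFCA reply describes, could look like this. It is an added example, not CFCA's code and not part of the thread; the function names and the small TLD set are assumptions, and it goes slightly beyond the reply by also handling wildcards, trailing dots, IDN labels and IP literals.

```python
import ipaddress

# Constructed subset for this example. A real check would load the full list
# IANA publishes at https://data.iana.org/TLD/tlds-alpha-by-domain.txt.
KNOWN_TLDS = {"com", "net", "org", "cn", "xn--fiqs8s"}


def tld_error(name):
    """Return None if `name` ends in a known TLD, else a reason string."""
    host = name.strip().rstrip(".").lower()
    if host.startswith("*."):  # the wildcard label is not part of the TLD check
        host = host[2:]
    try:
        ipaddress.ip_address(host)  # IP literals do not belong in a DNS name field
        return "IP address in DNS name field"
    except ValueError:
        pass
    try:
        host = host.encode("idna").decode("ascii")  # U-labels -> A-labels
    except UnicodeError:
        return "not a valid DNS name"
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        return "not a fully qualified name"
    if labels[-1] not in KNOWN_TLDS:
        return "invalid TLD"
    return None


def lint_request(common_name, san_dns_names):
    """Check the CN and every SAN; return {name: reason} for names to reject."""
    findings = {}
    for name in [common_name, *san_dns_names]:
        reason = tld_error(name)
        if reason:
            findings[name] = reason
    return findings


if __name__ == "__main__":
    # Names taken from the report quoted above.
    print(lint_request("mail.xinhua08.com",
                       ["mail.xinhua08.com", "mail.xinhua08.con"]))
```

A typo that happens to land on another existing TLD passes this check, so it complements domain control validation rather than replacing it.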