Thanks for reporting this Alex. I have created the following bugs to track these issues:

Sectigo: https://bugzilla.mozilla.org/show_bug.cgi?id=1551362
DigiCert: https://bugzilla.mozilla.org/show_bug.cgi?id=1551363
SwissSign: https://bugzilla.mozilla.org/show_bug.cgi?id=1551364
Government of Turkey: https://bugzilla.mozilla.org/show_bug.cgi?id=1551369
T-Systems: https://bugzilla.mozilla.org/show_bug.cgi?id=1551371
Telia: https://bugzilla.mozilla.org/show_bug.cgi?id=1551372
SecureTrust: https://bugzilla.mozilla.org/show_bug.cgi?id=1551374
certSIGN: https://bugzilla.mozilla.org/show_bug.cgi?id=1551375

- Wayne

On Sat, May 11, 2019 at 10:37 AM Alex Cohn via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

> Inspired by Nick Lamb's comment a week or so ago on m.d.s.p about "Default
> City" being an OpenSSL default value in CSRs, I ran some more searches on
> the OpenSSL defaults and found almost 100 certificates with a
> stateOrProvinceName of "Some-State". BR section 7.1.4.2.2(f) requires this
> field to be verified if present in a certificate.
>
> Affected CAs are Sectigo, DigiCert, SwissSign, Government of Turkey,
> T-Systems, Telia, SecureTrust, and certSIGN.
>
> Here's the batch: https://misissued.com/batch/53/
>
> Alex
> _______________________________________________
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
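
Added example, not part of the original thread and not Alex's search tooling: a pre-issuance style check that flags subject fields still carrying the OpenSSL placeholder values discussed above. The function names, the alias table and the sample subjects are assumptions made for illustration, and the organization placeholders are stock config defaults that the thread itself does not mention.

```python
import re

# Placeholder subject values from stock openssl.cnf files. "Some-State" and
# "Default City" are named in the thread; the organization values are further
# stock defaults added here (assumption, not from the thread).
OPENSSL_DEFAULTS = {
    "ST": {"some-state"},
    "L": {"default city"},
    "O": {"internet widgits pty ltd", "default company ltd"},
}
# Long attribute names mapped to the short forms used as keys above.
ALIASES = {"stateorprovincename": "ST", "localityname": "L", "organizationname": "O"}

def split_rdns(dn):
    """Split an RFC 4514 style DN on unescaped ',' or '+', resolving escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            hexpair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", hexpair):
                buf.append(chr(int(hexpair, 16)))  # ASCII hex escapes only
                i += 3
            else:
                buf.append(dn[i + 1])  # escaped special such as '\,'
                i += 2
            continue
        if ch in ",+":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def find_openssl_defaults(dn):
    """Return (attribute, value) pairs whose value is an OpenSSL placeholder."""
    findings = []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        attr = ALIASES.get(attr.strip().lower(), attr.strip().upper())
        norm = " ".join(value.split()).lower()  # ignore case and extra spaces
        if sep and norm in OPENSSL_DEFAULTS.get(attr, ()):
            findings.append((attr, value.strip()))
    return findings

# Constructed sample subjects, not taken from the misissued.com batch.
SAMPLE_SUBJECTS = [
    "CN=www.example.com,O=Example Widgets\\, Inc.,ST=Some-State,C=AU",
    "CN=mail.example.org,O=Example Org,L=Default City,stateOrProvinceName=Bavaria,C=DE",
    "CN=shop.example.net,O=Example Shop,L=Some-State Road,ST=Ohio,C=US",
]

if __name__ == "__main__":
    for subject in SAMPLE_SUBJECTS:
        print(subject, "->", find_openssl_defaults(subject))
```

A match only shows that a placeholder survived from the CSR into the subject; the fix on the CA side is to verify or drop the field before issuance.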