Ryan Sleevi <r...@sleevi.com> writes: >Do you believe it’s still applicable in the Web PKI of the past decade?
Yes, the specific cert I referenced is current valid and passed WebTrust and EV audits. >If you could link to the crt.sh entry, that might be easier. Here's the Microsoft one I mentioned: Microsoft RSA Root Certificate Authority 2017 https://crt.sh/?id=988218851&opt=x509lint,zlint,cablint There are numerous others. This particular one isn't just a CA cert, it's a root cert. >It could be that you’re referencing the use of BMPString I'm just quoting X509lint: ERROR: URL contains a null character Given that this was exposed as a major security hole ten years ago, I was surprised when someone notified me that these things exist, and that no-one seems to have done anything about it. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy