On 11/5/09 5:16 AM, Paul van Brouwershaven wrote: > What do you think of this certificate with the CN > "owa.b3cables.co.uk\ ", again issued by Comodo. > > Serial: D2D0DAD5A1C3E785844AA3C72CA2B191 > > Not in CRL number 2361 Last Update Nov 5 12:35:19 2009 GMT
CA's can prune expired certs from their CRLs to keep the size down. The fact that it's not in a recent CRL doesn't tell whether it was or wasn't in the past. The extra space renders that domain unusable (in Firefox, at least) so it's a bit of a self-limiting problem, but I wouldn't crucify a CA for a trailing space issue. It's a bug they should fix, but let's stick to the more substantive examples you raised. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security