Moz folks, do you think this warrants a similar strategy? Putting the full authenticated information (subjectDN and maybe also the SAN.domainName) in the safe UI area leverages this by puts the onus on the CA to be clear about what is validated [I don't think I've seen unauthenticated information in subjectDNs though sometimes there is clutter].
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
