Hi,

>> Matthias, you seem to be aware of the domain-scoped whitelisting policy
>> For example, have you tried creating a CSR with a DN with
>> CN=twitter.com.tu-ilmenau.de, and a bunch of entries in the
>> subjectAltNames extension like:
>
> No, I did not pentest the filter. There is a PKI test instance, e.g. for
> software development, if that also has this filter (I only used it for
> user certs by now) maybe I can play with that one.
>
> Requesting a cert for twitter.com would be an open violation of our CA
> policy by me - I would rather avoid that :)

Hm, I could have a chat with the guys in charge here, maybe they're
willing to do that...

Ralph

--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
