Hi, > On 02/06/2012 04:58 PM, Phillip Hallam-Baker wrote: >> I can't remember when we started having conversations about blocking >> use of non domain domains in certs, things like localhost. But I am >> pretty sure we did not actually have agreement on stopping them that >> would have been active in August 2010. > > Do you think we have consensus on this point now? If so, it seems to me > that an agreeing CA should express that conclusion by revoking any > outstanding certificates whose names don't match the known DNS. > > It doesn't appear to me that Verisign has done so with this certificate. > > --dkg
Eddy Nigg of Startcom tells me it is part of the BR1 requirements by the CABForum. Their effect is not retroactive, however. Ralph -- Dipl.-Inform. Ralph Holz I8: Network Architectures and Services Technische Universität München http://www.net.in.tum.de/de/mitarbeiter/holz/
signature.asc
Description: OpenPGP digital signature
