You are correct, I was not clear.
3.2.2.4.4, 3.2.2.4.6, 3.2.2.4.9, and 3.2.2.4.10 all use the newly
defined "Authorization Domain Name", which should avoid this in the
future.
3.2.2.4.7 is actually the outlier, in that it allows _
(underscore + some label) prefixed to the name being validated. I
Peter,
I'm confused why only the section 3.2.2.4.7 specifically addresses this
concern, and how. If only it does, would it implies that CA must use
this method of section 3.2.2.4.7 to validate a Base Domain Name, which
happened to be an Authorization Domain Name requested by the applicant ?
Howeve
On Sun, Oct 2, 2016 at 9:23 PM, Nick Lamb wrote:
> On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> > There is some good news. The CA/Browser Forum has already addressed
> > this, even prior to the current discussions. Ballot 169
> > (https://cabforum.org/2016/08/05/ballot-169-rev
On Sun, Oct 2, 2016 at 6:23 PM, Nick Lamb wrote:
> On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
>
>> Under the new rules, which should be in
>> effect as of 1 March 2017, validating www. will not be a valid
>> method of showing control of . The name is true for any valid
>> hostn
On Sunday, 2 October 2016 20:53:15 UTC+1, Peter Bowen wrote:
> There is some good news. The CA/Browser Forum has already addressed
> this, even prior to the current discussions. Ballot 169
> (https://cabforum.org/2016/08/05/ballot-169-revised-validation-requirements/)
> revises 3.2.2.4 considerab
On Sun, Oct 2, 2016 at 9:49 AM, Nick Lamb wrote:
>
> The second thing obviously is that they do have exactly the "rule" Richard
> Wang described, and they believe this was justified under the BRs old 3.2.2.4
> method 7 (which isn't a method at all, it's basically a catch-all).
>
> I think that's
On Sunday, 2 October 2016 11:11:34 UTC+1, Patrick Figel wrote:
> https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg04274.html
Thanks, I too could not find this in Google Groups. That is a little concerning
as I had assumed this was the authoritative source, since it's linked
On 02/10/16 12:01, Jason Milionis wrote:
> Still no response from COMODO CA, that's interesting, but why?
They published an incident report a couple of days ago. For some reason,
it's not visible in the Google Groups archive of m.d.s.p (at least for
me). Here's an alternative link:
https://www.ma
Still no response from COMODO CA, that's interesting, but why?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
On Monday, September 26, 2016 at 7:21:13 AM UTC-7, Gervase Markham wrote:
> Today, Mozilla is publishing an additional document containing further
> research into the back-dating of SHA-1 certificates, in violation of the
> CAB Forum Baseline Requirements, to avoid browser blocks. It also
> contain
On Saturday, October 1, 2016 at 9:03:38 PM UTC-7, Kurt Roeckx wrote:
> On Sat, Oct 01, 2016 at 11:35:06AM -0700, Percy wrote:
> > "Apple products will trust individual existing certificates issued from
> > this intermediate CA and published to public Certificate Transparency log
> > servers by 20
11 matches
Mail list logo
