Re: CFCA certificate with invalid domain

On Mon, Mar 25, 2019 at 12:05:44AM -0700, jonathansshn--- via dev-security-policy wrote: > 在 2019年2月27日星期三 UTC+8下午11:28:00，michel.le...@gmail.com写道： > > I noticed this certificate > > https://crt.sh/?id=1231965201=cablint,x509lint,zlint that has an > > invalid domain `mail.xinhua08.con` in SANs.

Re: CFCA certificate with invalid domain

在 2019年2月27日星期三 UTC+8下午11:28:00，michel.le...@gmail.com写道： > Hello, > > I noticed this certificate > https://crt.sh/?id=1231965201=cablint,x509lint,zlint that has an invalid > domain `mail.xinhua08.con` in SANs. This looks like a typo and > `mail.xinhua08.com` is present in other certificates.

Re: CFCA certificate with invalid domain

On 18/03/2019 02:05, Nick Lamb wrote: On Fri, 15 Mar 2019 19:41:58 -0400 Jonathan Rudenberg via dev-security-policy wrote: I've noted this on a similar bug and asked for details: https://bugzilla.mozilla.org/show_bug.cgi?id=1524733 I can't say that this pattern gives me any confidence that

Re: CFCA certificate with invalid domain

On Fri, 15 Mar 2019 19:41:58 -0400 Jonathan Rudenberg via dev-security-policy wrote: > I've noted this on a similar bug and asked for details: > https://bugzilla.mozilla.org/show_bug.cgi?id=1524733 I can't say that this pattern gives me any confidence that the CA (CFCA) does CAA checks which

Re: CFCA certificate with invalid domain

On Fri, Mar 15, 2019, at 10:58, bstephens822--- via dev-security-policy wrote: > On Wednesday, February 27, 2019 at 10:28:00 AM UTC-5, > michel.le...@gmail.com wrote: > > Hello, > > > > I noticed this certificate > > https://crt.sh/?id=1231965201=cablint,x509lint,zlint that has an > > invalid

Re: CFCA certificate with invalid domain

On Wednesday, February 27, 2019 at 10:28:00 AM UTC-5, michel.le...@gmail.com wrote: > Hello, > > I noticed this certificate > https://crt.sh/?id=1231965201=cablint,x509lint,zlint that has an invalid > domain `mail.xinhua08.con` in SANs. This looks like a typo and > `mail.xinhua08.com` is

Re: 答复: Certificate Problem Report (9WG: CFCA certificate with invalid domain)

> Best wishes! > > > > Jonathan Sun > > Certificate Product Manager > > International Coperation Group > > Tel: +86 010 80864127 > > > > > > -邮件原件- > > 发件人: Buschart, Rufus > > 发送时间: 2019年2月28日 19:00 > > 收件人: r...@cfc

Re: 答复: Certificate Problem Report (9WG: CFCA certificate with invalid domain)

on >> michel.lebihan2000--- via dev-security-policy >> Gesendet: Mittwoch, 27. Februar 2019 08:54 >> An: mozilla-dev-security-pol...@lists.mozilla.org >> Betreff: CFCA certificate with invalid domain >> >> Hello, >> >> I noticed this certificate >&

Re: 答复: Certificate Problem Report (9WG: CFCA certificate with invalid domain)

...@cfca.com.cn 主题: Certificate Problem Report (9WG: CFCA certificate with invalid domain) Dear PKI team at CFCA! There is a misissued certificate https://crt.sh/?id=1231965201=cablint,x509lint,zlin from your CA which is not revoked yet. I think you should have a look. With best regards, Rufus Buschart

AW: CFCA certificate with invalid domain

Mittwoch, 27. Februar 2019 08:54 > An: mozilla-dev-security-pol...@lists.mozilla.org > Betreff: CFCA certificate with invalid domain > > Hello, > > I noticed this certificate > https://crt.sh/?id=1231965201=cablint,x509lint,zlint that has an invalid > domain `mail.xinhua08.co

CFCA certificate with invalid domain

Hello, I noticed this certificate https://crt.sh/?id=1231965201=cablint,x509lint,zlint that has an invalid domain `mail.xinhua08.con` in SANs. This looks like a typo and `mail.xinhua08.com` is present in other certificates. Such an issue makes me wonder about the quality of their validation.