Yes, we tested all browsers, it support IP address. We need to update our PKI system.
Thanks. Best Regards, Richard From: Brian Smith [mailto:[email protected]] Sent: Thursday, November 19, 2015 9:38 AM To: Richard Wang <[email protected]> Cc: Peter Bowen <[email protected]>; Rob Stradling <[email protected]>; [email protected]; Peter Gutmann <[email protected]> Subject: Re: [FORGED] Name issues in public certificates On Tue, Nov 17, 2015 at 4:40 PM, Richard Wang <[email protected] <mailto:[email protected]> > wrote: So WoSign only left IP address issue that we added both IP address and DNS Name since some browser have warning for IP address only in SAN. Put the IP addresses in the SAN as an iPAddress and then also put them in the Subject CN, one CN per IP address. Then all browsers will accept the certs and they will conform to the baseline requirements (IIUC). Note that this is Ryan Sleevi's good idea. Cheers, Brian
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
