On Tue, May 20, 2014 at 11:23:54AM -0700, Kathleen Wilson wrote: > > Maybe we should re-visit the idea of a "wall of shame", and publicly list > the CAs who are still issuing certificates with the following problems. > * No Subject alternative name extension > * Fails decoding the character set > * Contains control characters > * Certificate not version 3 > * Long-lived certs (beyond what BRs allow)
So I've added some other strange looking graph about the 39 and 60 month limit in the BR. I would actually like to add to that list those certificates that fail to parse. Those are certificates that pass the sign verification step but then fail to parse for some reason. But I really should take a closer look at why some of them fail. Kurt _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
