On 24/03/15 09:38, Florian Weimer wrote: > The intermediate certificate which prompted this discussion had C=EG, > which does not align well with a limitation to the Chinese market.
I'm not entirely sure what you are saying here. Are you saying you are suprised not to see ".eg" in that list? > How reliable are the data quoted above? It comes from either internet-wide cert scans or CT, or both - Richard can tell you. Remember, the TLD of the domain names in the CN or SAN fields is not the same thing as the C= field in the DN of the owner of the cert. CNNIC could issue a cert to an Egyptian Company called Cairo Corporation for cairocorp.com, and the issuer would be C=EG, O=Cairo Corporation, but the CN would be www.cairocorp.com. In this type of case, .eg would not show up in the list. Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
