Erwann Abalea <eaba...@gmail.com> writes: >That's really an OID, in the Microsoft arc. I don't know what triggered the >"Error: OID contains random garbage" message,
Uhh, the fact that it contains random garbage encoded as an OID? >This OID is correctly encoded, the fact that it contains somewhat random >looking integers isn't an error Taking Microsoft's own words (from https://msdn.microsoft.com/en-us/library/windows/desktop/bb540791%28v=vs.85%29.aspx): The individual elements in the string, separated by periods, represent the arcs and leaves in a registration authority tree that uniquely identifies the object and the organization that registered it. could you perhaps explain to the class which arcs and leaves in a registration authority tree [...] 3675690 6234259 10436751 12227305 62135 141 959321 10252252 represent? >This is required by the CABF BR. If this gibberish is required by the BR then there's an awful lot of noncompliant certs out there. Pretty much all of them, I'd say. >That could fall under CABF BR Appendix B (4) (a) rule. Even if I hold the BR doc sideways and squint at it, I still can't see where in B (4) it says the CA has to include an S/MIME extension for 1970s and 1980s crypto algorithms in a TLS server cert. In particular the wording: The CA SHALL NOT issue a Certificate that contains [...] unless the CA is aware of a reason for including the data in the Certificate. CAs SHALL NOT issue a Certificate with [...] unless the Applicant can otherwise demonstrate the right to assert the data in a public context; basically says "CAs SHALL NOT do X except that they can if they want". >That could fall under CABF BR Appendix B (4) (a) rule. >No upper limit is imposed by the standards. There's also no law specifically saying that you're not allowed to stagger around in public complaining that the sun is too loud and warning people about the ice weasels, but that doesn't mean that it's not a sign that something's gone seriously wrong somewhere. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy