Jakob Bohm <[email protected]> writes: >While you are at it: > >1. How many WoSign/StartCom certificates did you find with domains not > on that IANA list? > >2. How many WoSign/StartCom certificates did you find for other uses > than https://www.example.tld: > >2.1 Certificates for "odd" subdomains such as "extranet.example.com" > >2.2 Certificates for e-mail > >2.3 Code signing certificates > >2.4 Others?
Note that if you ding WoSign for this you'd also need to indict half the commercial CAs on the planet for issuing certs to non-qualified domains, RFC 1918 addresses, duplicate names, you name it... Peter. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
