On Friday, 27 January 2017 12:11:06 UTC, Gervase Markham wrote: > * It's not clear what the problem is with the issuance in category F. I > don't see any mention of "dev119money.com" in Andrew's initial report. > Can you explain (and provide a crt.sh link)?
https://crt.sh/?id=48539119 appears to be the certificate in question. The certificate is clearly bogus in that it identifies the Subject O=test, OU=test, etc. yet real DNS names are included in the SANs. It is not clear to me either why this is different from Category D and so I too would appreciate more information from Steven about that. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy