On Monday, 30 January 2017 23:48:51 CET Peter Bowen wrote:
> See notes inline about known cities with numbers in their name.
>
> On Mon, Jan 30, 2017 at 10:39 AM, Peter Bowen <[email protected]> wrote:
> > While it is very hard to validate the subject content of certificates
> > outside of DNS names, there are a number of heuristics that may be
> > useful to trigger a deeper check to ensure that the data is accurate.
> >
> > A couple of these that I've found useful are:
> >
> > 1) If stateOrProvince or Locality type attributes contain a Number,
> > this is a red flag. I've yet to find any verified legitimate case
> > where this is correct
>
> Of course I hit send and then find at least one valid case of a number:
>
> In Egypt (EG) there is a city called "6th of October".
>
> In the Czech Republic (CZ), ISO lists some subdivisions as having
> numbers (https://www.iso.org/obp/ui/#iso:code:3166:CZ). Wikipedia
> seems to suggest that these might not be current
> (https://en.wikipedia.org/wiki/Regions_of_the_Czech_Republic), but I
> think it should be considered reasonable for a CA to rely upon ISO
> 3166.

No, they still exist:
https://en.wikipedia.org/wiki/Prague_1
http://www.praha1.cz/cps/index.html (note the address at the bottom of the page)

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
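
The heuristic discussed in this thread (a number in a stateOrProvince or Locality attribute triggers a deeper check, with known exceptions such as "6th of October" in EG), as an added example that is not part of the original messages or of any CA's tooling. It assumes the subject arrives as (attribute, value) pairs; the allowlist entries and the sample subjects are constructed for illustration and are not a complete list.

```python
import unicodedata

# Attributes the heuristic applies to: stateOrProvince (ST) and Locality (L).
CHECKED = {"ST", "L"}

# Legitimate names containing numbers, keyed by country code (C).
# Constructed from the examples named in the thread; not a complete list.
KNOWN_NUMERIC = {
    "EG": {"6th of october"},
    "CZ": {"praha 1", "prague 1"},
}


def has_digit(value):
    # Any Unicode decimal digit counts, not only ASCII 0-9.
    return any(unicodedata.category(ch) == "Nd" for ch in value)


def normalize(value):
    # Fold compatibility forms and case, collapse runs of whitespace.
    folded = unicodedata.normalize("NFKC", value).casefold()
    return " ".join(folded.split())


def review_flags(subject):
    """Return the (attribute, value) pairs that warrant a deeper check."""
    country = next((v.upper() for a, v in subject if a == "C"), None)
    allowed = KNOWN_NUMERIC.get(country, set())
    return [
        (attr, value)
        for attr, value in subject
        if attr in CHECKED and has_digit(value)
        and normalize(value) not in allowed
    ]


if __name__ == "__main__":
    # Constructed sample subjects.
    samples = [
        [("C", "EG"), ("ST", "Giza"), ("L", "6th of October")],
        [("C", "US"), ("ST", "California"), ("L", "Springfield 12345")],
        [("C", "US"), ("L", "6th of October")],
    ]
    for subject in samples:
        print(subject, "->", review_flags(subject) or "no flag")
```

The allowlist is scoped per country, so a name that is valid in one country is still flagged when it appears under a different C value.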

