Ryan, My answers on the particular issues are stated inline. But the thing I want to address is how could (in this case Digicert) validate such data and issues certificates? I am investigation more of them and afraid even linked company names or registration numbers could be false. Shouldn't those certificates be revoked?
On Wednesday, 19 April 2017 21:28:26 UTC+2, Ryan Sleevi wrote: > On Wednesday, April 19, 2017 at 3:13:36 PM UTC-4, Mike Pasarella wrote: > > To add some more concerning this issue: > > > > https://xenapp.alpinvest.com/ > > https://crt.sh/?id=42227446 > > localityName of Amsterdam > stateOrProvinceName of 19 > countryName of NL > > Problem has existed since 2013 - https://crt.sh/?id=6164627 But not solved? Shouldn't this certificate be revoked? > > > https://adoftheyear.com > > https://crt.sh/?id=55977126 > > localityName of Rotterdam > stateOrProvinceName of California > countryName of NL California is for sure not a province in The Netherlands. > > https://crt.sh/?id=5178826 goes back to at least 2014 > > Previous (good) cert from Comodo at https://crt.sh/?id=36863825 > > > https://secure.mobihealth.com > > https://crt.sh/?id=38952224 > > localityName of Enschede > stateOrProvinceName of 15 > countryName of NL > > Strangely, this cert had issues from 2013 - 2014 (see > https://crt.sh/?id=734399 https://crt.sh/?id=3495854 > https://crt.sh/?id=5271322 ), briefly fixed the issue (see > https://crt.sh/?id=9342945 https://crt.sh/?id=10983769 > https://crt.sh/?id=12915701 https://crt.sh/?id=36254431 ) then went back to > the issue. > > It appears the distinction was DigiCert SHA2 Secure Server CA (which does the > right thing) and DigiCert High Assurance CA-3 (which does the wrong thing) > > > https://portal.mobilitymixx.nl > > I'm not sure I understand enough to know what the issues are here. Could you > explain? Almere is a city (which is correct), but not the province. https://en.wikipedia.org/wiki/Almere > > > https://mijn.nfu.nl > > https://crt.sh/?id=41866884 > > localityName of Utrecht > stateOrProvinceName of 03 > countryName of NL > > > https://portal.payplaza.com > > https://crt.sh/?id=106229165 > > I'm not sure I understand the issues enough to know what's wrong here? Eindhoven is not in the province Noord-Holland. Noord-Brabant (or Brabant) should be correct. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
