On Wednesday, May 31, 2017 at 12:10:36 PM UTC-5, Yuhong Bao wrote:
> The point is that "misissuance" of example.com is harmless as they are
> reserved by IANA.

Except that having a trusted root CA in the major root programs is a privileged club with a lot of non-obvious rules. One of those (roughly) being that you are never allowed to issue certs for things you don't have permission to issue a cert for. Not even for tests.

See this certificate:

https://crt.sh/?id=24558997

Ask Symantec if the misissuance of that certificate for www.example.com was harmless to them. I suspect they won't answer [at least not timely answer], but if they were being honest I'll bet they really, really regret that certificate's issuance.

Hint: The issuance of that "harmless" certificate is one of the reasons that they're on their way to being a really-close-to-not-trusted CA.