On 2017-06-08 at 04:31 -0700, richmoore44--- via dev-security-policy wrote: > This one is interesting since the domain name of the CRL resolves to an RFC > 1918 IP address. Surely that is a violation of the baseline requirements. > > https://crt.sh/?sha256=b82210cde9ddea0e14be29af647e4b32f96ed2a9ef1aa5baa9cc64b38b6c01ca > > Regards > > Rich.
Nope. The domain name of the CRL (www.cert.fnmt.es.testa.eu) does not resolve to an RFC 1918 IP address. It directly doesn't resolve. 10.0.1.10 is the dns server used by crt.sh _______________________________________________ dev-security-policy mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-security-policy