Following that discovery, I've search for odd (invalid?) DNS names.
Here is the list of certificated I've found, it may overlap some discovery already reported. If I'm correct, theses certificate are not revoked, not expired, and probably trusted by Mozilla ( issuer are marked trusted by Mozilla, but not all).

Starting with *:      *     *     *     *     *     *     *     *

Starting with -:

Multiple *.:     *.*     *.*      *.*

Internals TLD:     a1.verizon.test     DAC38997VPN2001A.trmk.corp     collaboration.intra.airbusds.corp     zdeasaotn01.dsmain.ds.corp

Are CAs allowed to deliver such certificates?

(Methodology: with the links for expired/revoked certificates)
dev-security-policy mailing list

Reply via email to