On Fri, Jul 21, 2017 at 4:04 AM ramirommunoz--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:

> El jueves, 20 de julio de 2017, 16:49:15 (UTC+2), Gervase Markham
> escribió:
> > On 19/07/17 14:53, Alex Gaynor wrote:
> > > I'd like to report the following instance of miss-issuance:
> >
> > Thank you. Again, I have drawn this message to the attention of the CAs
> > concerned (Government of Venezuela and Camerfirma).
> >
> > Gerv
>
> Hi all
>
> Regarding Camerfirma certificates, we have follow the rules imposed by the
> local public administration to regulate the profile of several
> certificates. SSL certificates for public administration websites included.
> There is a entry in cabforum where this issue is described
> https://cabforum.org/pipermail/public/2016-June/007896.html.
> New eIDAS regulation has forced to Spanish Administration to fix this
> problem so from now on we can issue certificate that fully fulfil the
> cabforum rules.
> AC Camerfirma will offer to our public administration customers to renew
> the SSL certificates  with our new eIDAS 2016 CAs.


Could you point where the regulation require(s/d) the CN and SAN (in type
dNSName) contain a URI?

The past discussion was in context of additional SAN types not permitted by
the BRs, but the issue highlighted in this thread is clear violation of RFC
5280 semantics, and it is difficult to believe that was encompassed by
Camerafirma's previous disclosure.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to