Hi Olfa, On 31/07/17 11:55, Olfa Kaddachi wrote: > 2) The deficiencies identified in those controls after the misissuance of > each of these certificates are essentially: > •controls on the field subject alternative names : > o this field must not contains private addresses > o this filed must not contain 127.0.0.1 address > o this filed must not contain a local FQDN > o this field must at least contain the CN
Given that some of these are BR requirements, why were these controls not in place already? From what date would you say that your CA has been compliant with the CAB Forum Baseline Requirements? > 3) The implemented and planned improvements to the technical controls to > prevent these errors from happening again: When will these improvements be implemented? And, given that these are only four possible ways a certificate can be messed up, what other checks are going to be implemented at the same time? Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
