Hi Olfa,

On 31/07/17 11:55, Olfa Kaddachi wrote:
> 2) The deficiencies identified in those controls after the misissuance of 
> each of these certificates are essentially:
> •controls on the field subject alternative names :
>     o this field must not contains private addresses
>     o this filed must not contain 127.0.0.1 address
>     o this filed must not contain a  local FQDN
>     o this field must at least contain the CN

Given that some of these are BR requirements, why were these controls
not in place already?

From what date would you say that your CA has been compliant with the
CAB Forum Baseline Requirements?

> 3) The implemented and planned improvements to the technical controls to 
> prevent these errors from happening again:

When will these improvements be implemented? And, given that these are
only four possible ways a certificate can be messed up, what other
checks are going to be implemented at the same time?

Gerv
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to