> On Aug 2, 2017, at 12:28, Jonathan Rudenberg via dev-security-policy > <[email protected]> wrote: > > This certificate, issued on July 27 by certSIGN, has an invalid common name > of “todyro_2017” and an invalid SAN dnsName of “ tody.ro” (note the leading > space): > > https://crt.sh/?q=93EACBC95AE53D57322CA9646DCF260AE240369714906CD464561402BF32CE96&opt=cablint
The above is not the first certificate issued by certSIGN with a leading space in a dnsName, which points to a failure in technical controls. Here is another one: https://crt.sh/?q=91782A8F1182E239D49FABA796CFDF17AFC22A0D035838FD77FDD633FC72C416&opt=cablint _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
