> On Aug 5, 2017, at 17:36, alex.gaynor--- via dev-security-policy
> <email@example.com> wrote:
> Hi all,
> 220.127.116.11.2 of the CABF Baseline Requirements requires that common names always
> be an element from the SAN.
> Here are 62 certs, from a variety of CAs which do not meet that requirement:
I sent a problem report to Symantec about these certificates via their web form
on 2017-08-07 and received this response from them a few minutes ago:
> Thank you for reporting the issue for Symantec, Thawte and RapidSSL
> certificates; however, we feel that the certificates we have issued are
> compliant. We consider the puny-coded SAN to match the native-coded CN and
> to best cover both human consumers and machine consumers that need to be able
> to read the name. Therefore, the certificates should not be revoked.
dev-security-policy mailing list