> On Aug 5, 2017, at 17:36, alex.gaynor--- via dev-security-policy 
> <dev-security-policy@lists.mozilla.org> wrote:
> 
> Hi all,
> 
> 7.1.4.2.2 of the CABF Baseline Requirements requires that common names always 
> be an element from the SAN.
> 
> Here are 62 certs, from a variety of CAs which do not meet that requirement: 
> https://misissued.com/batch/1/

I sent a problem report to Symantec about these certificates via their web form 
on 2017-08-07 and received this response from them a few minutes ago:

> Thank you for reporting the issue for Symantec, Thawte and RapidSSL 
> certificates; however, we feel that the certificates we have issued are 
> compliant.  We consider the puny-coded SAN to match the native-coded CN and 
> to best cover both human consumers and machine consumers that need to be able 
> to read the name. Therefore, the certificates should not be revoked.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
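
Added example, not part of the original messages and not code from any CA or linter named in the thread: a check that separates a CN that appears literally in the SAN from one that matches a SAN entry only after conversion to its punycode (A-label) form, which is the distinction the two messages disagree about. The certificate data is constructed, the function names are hypothetical, and the conversion assumes Python's built-in IDNA 2003 codec.

```python
# Added example: classify a subject CN against the SAN dNSName entries.
# All certificate data below is constructed for illustration.

def to_a_label(name):
    """Return the ASCII (punycode) form of a DNS name, or None if it cannot be encoded."""
    try:
        # Assumption: Python's built-in "idna" codec (IDNA 2003, RFC 3490).
        return name.encode("idna").decode("ascii").lower()
    except UnicodeError:
        # Raised for empty or over-long labels and for prohibited code points.
        return None


def classify_cn(cn, san_dns_names):
    """Return 'exact', 'idna-equivalent' or 'absent' for a CN against SAN dNSNames."""
    sans = [s.lower() for s in san_dns_names]
    if cn.lower() in sans:
        return "exact"            # CN is literally one of the SAN entries
    a_label = to_a_label(cn)
    if a_label is not None and a_label in sans:
        return "idna-equivalent"  # CN matches only after U-label to A-label conversion
    return "absent"               # CN has no counterpart in the SAN at all


# Constructed sample records: (label, CN, SAN dNSName list).
SAMPLE_CERTS = [
    ("cert-a", "www.example.com", ["www.example.com", "example.com"]),
    ("cert-b", "bücher.example", ["xn--bcher-kva.example"]),
    ("cert-c", "xn--bcher-kva.example", ["xn--bcher-kva.example"]),
    ("cert-d", "internal.example", ["www.example.com"]),
]


def audit(certs):
    """Map each constructed certificate label to its classification."""
    return {label: classify_cn(cn, san) for label, cn, san in certs}


if __name__ == "__main__":
    for label, result in audit(SAMPLE_CERTS).items():
        print(label, result)
```
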