> On Aug 16, 2017, at 19:18, Kathleen Wilson via dev-security-policy > <[email protected]> wrote: > > Bugs filed...
Hi Kathleen, It looks like a bug was not created for GoDaddy about these certificates with invalid dnsNames, containing a space at the beginning of the eTLD+1: https://crt.sh/?id=93578583&opt=cablint https://crt.sh/?id=110219638&opt=cablint https://crt.sh/?id=20950698&opt=cablint https://crt.sh/?id=25047430&opt=cablint https://crt.sh/?id=108417123&opt=cablint Additionally, I don’t believe that any communication was received from the following CAs about “double-dot” certificates[0][1] which they revoked after Rob found them and posted here (they are technically a subset of “invalid dnsNames” but the certificates were not listed in any of the threads linked in the bugs). - GoDaddy - GlobalSign - T-Systems - Symantec I will post comments on the bugs that are already open for the last three. Jonathan [0] https://misissued.com/batch/13/ [1] https://groups.google.com/d/topic/mozilla.dev.security.policy/5bpr9yBgaYo/discussion _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
