As a relying party I read this in the context of the fact that we're talking about names that are anyway prohibited.
Why would you need a publicly trusted certificate that specifies a name that is publicly prohibited?
I guess the answer is "But it works on Windows". And Windows is welcome to implement a parallel "Windows PKI" which can have its own rules about naming and whatever else and so the certificates could be issued in that PKI but not in the Web PKI.
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
