Inspired by Nick Lamb's comment a week or so ago on m.d.s.p about "Default City" being an OpenSSL default value in CSRs, I ran some more searches on the OpenSSL defaults and found almost 100 certificates with a stateOrProvinceName of "Some-State". BR section 7.1.4.2.2(f) requires this field to be verified if present in a certificate.
Affected CAs are Sectigo, DigiCert, SwissSign, Government of Turkey, T-Systems, Telia, SecureTrust, and certSIGN. Here's the batch: https://misissued.com/batch/53/

Alex

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
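
A pre-issuance lint for the placeholder values named in this message, as an added example that is not part of the original post or any CA's tooling. It parses RFC 4514 style subject strings; the function names, the sample subjects, and the mapping of "Default City" to localityName are assumptions of the example.

```python
import string

# Placeholder values named in the post. Treating "Default City" as a
# localityName (L) value is an assumption of this example.
PLACEHOLDERS = {"ST": {"some-state"}, "L": {"default city"}}
ALIASES = {"STATEORPROVINCENAME": "ST", "2.5.4.8": "ST",
           "LOCALITYNAME": "L", "2.5.4.7": "L"}
HEX = set(string.hexdigits)

def parse_dn(dn):
    # Split a DN string into (TYPE, value) pairs. Backslash escapes (a literal
    # character or a two-digit hex pair) and multi-valued RDNs joined with '+'
    # are handled; the older quoted-string form is not.
    pairs, buf, i = [], bytearray(), 0

    def flush():
        attr, sep, value = buf.decode("utf-8", "replace").partition("=")
        if sep:
            pairs.append((attr.strip().upper(), value.strip()))
        buf.clear()

    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            if i + 2 < len(dn) and dn[i + 1] in HEX and dn[i + 2] in HEX:
                buf.append(int(dn[i + 1:i + 3], 16))  # hex-escaped byte
                i += 3
            else:
                buf += dn[i + 1].encode()  # escaped literal such as "\,"
                i += 2
            continue
        if c in ",+":
            flush()  # unescaped separator ends the current attribute
        else:
            buf += c.encode()
        i += 1
    flush()
    return pairs

def find_placeholders(dn):
    # Return the (type, value) pairs whose value is a known config default,
    # compared case-insensitively with whitespace collapsed.
    hits = []
    for attr, value in parse_dn(dn):
        attr = ALIASES.get(attr, attr)
        if " ".join(value.casefold().split()) in PLACEHOLDERS.get(attr, ()):
            hits.append((attr, value))
    return hits

if __name__ == "__main__":
    # Constructed sample subject, not taken from the batch linked above.
    print(find_placeholders("CN=www.example.com,L=Default City,ST=Some-State,C=AU"))
```
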