On Sat, May 16, 2020 at 8:18 PM Peter Gutmann via dev-security-policy < [email protected]> wrote:
> Kurt Roeckx via dev-security-policy <[email protected]> > writes: > > >Browsing crt.sh, I found this: https://crt.sh/?id=1902422627 > > > >It's a certificate for api.pillowz.kz with the public key of Let's > Encrypt > >Authority X1 and X3 CAs. > > How could that have been issued? Since a (PKCS #10) request has to be > self- > signed There is no requirement to submit a PKCS#10 CSR. > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
