On Fri, Sep 9, 2022 at 3:12 AM Michel Le Bihan <[email protected]> wrote:
> OV and EV certificates contain the name of the organization besides the > domain name. I'm sure Cloudflare is not going to do the verification work required to issue OV and EV certs on behalf of the sites they protect, and their issuing cert is almost certainly not given that authority (I didn't check, though). In fact, it's even possible the contract under which they got their sub-CA requires them to put their name on certs so people don't mistake those certificates for ones issued from other CAs to a site owner to be deployed directly on that site. The commonName is just a DNS Name. One of the names in SAN. It's deprecated, > but CAs still add it there probably for compatibility reasons. I agree that > it might confuse users and should probably be entirely removed. Oh, I was saying the opposite. I think Cloudflare put that there intentionally as a signal and should not remove it. Of course we won't know their intention for sure unless someone from Cloudflare speaks up. -Dan Veditz -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CADYDTCBZWPAXZ_kybAp%3D5Y1f-BxATgWjsJzMsPoGr3Xc_W3rqg%40mail.gmail.com.
