CFCA stated this, in
https://cabforum.org/pipermail/public/2017-July/011733.html
Since then, no further evidence of this claim has been provided.
SHECA ( https://cabforum.org/pipermail/public/2017-July/011737.html ) and
GDCA ( https://cabforum.org/pipermail/public/2017-July/011736.html ) are
more
Didn't someone recently float the argument that the native u-label was required
by local regulation / custom (in China) to be included and so they stuffed it
into the CN?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https:/
> On Aug 5, 2017, at 17:36, alex.gaynor--- via dev-security-policy
> wrote:
>
> Hi all,
>
> 7.1.4.2.2 of the CABF Baseline Requirements requires that common names always
> be an element from the SAN.
>
> Here are 62 certs, from a variety of CAs which do not meet that requirement:
> https://
Sorry, you're right -- I'd misunderstood the issue with Python. (FWIW, I'm
one of the maintainers of the Python ssl module, and I anticipate us having
a fix for IDNs by the next release).
Alex
On Sun, Aug 6, 2017 at 8:38 PM, Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.or
"simply" how?
If it's your belief that the Python code actually does work for IDN SANs I
think you're going to need to do better than just asserting that it's "simply"
so in the face of subject experts saying it's broken.
___
dev-security-policy mailin
On Sunday, August 6, 2017 at 3:08:32 PM UTC-4, Nick Lamb wrote:
> On Sunday, 6 August 2017 14:10:36 UTC+1, alex@gmail.com wrote:
> > - Using non-IDNA encoded values in the CN, but (correctly!) IDNA encoding
> > the SAN
>
> Note https://bugs.python.org/issue28414
I've followed up on this bug
On Sat, Aug 05, 2017 at 02:36:14PM -0700, alex.gaynor--- via
dev-security-policy wrote:
> - Using non-IDNA encoded values in the CN, but (correctly!) IDNA encoding the
> SAN
I think that's actually correrct?
Kurt
___
dev-security-policy mailing list
On Sunday, 6 August 2017 14:10:36 UTC+1, alex@gmail.com wrote:
> - Using non-IDNA encoded values in the CN, but (correctly!) IDNA encoding the
> SAN
Note https://bugs.python.org/issue28414
At least one popular implementation of TLS in a non-browser client (the Python
SSL implementation) re
Hi all,
7.1.4.2.2 of the CABF Baseline Requirements requires that common names always
be an element from the SAN.
Here are 62 certs, from a variety of CAs which do not meet that requirement:
https://misissued.com/batch/1/
These appear to be for a variety of reasons:
- just plain wrongness :-)
9 matches
Mail list logo