> On Aug 2, 2017, at 12:28, Jonathan Rudenberg via dev-security-policy
> wrote:
>
> This certificate, issued on July 27 by certSIGN, has an invalid common name
> of “todyro_2017” and an invalid SAN dnsName of “ tody.ro” (note the leading
> space):
>
> https://crt.sh/?q=93EACBC95AE53D57322CA9646DCF260AE240369714906CD464561402BF32CE96&opt=cablint
The above is not the first certificate issued by certSIGN with a leading space
in a dnsName, which points to a failure in technical controls. Here is another
one:
https://crt.sh/?q=91782A8F1182E239D49FABA796CFDF17AFC22A0D035838FD77FDD633FC72C416&opt=cablint
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy