Re: Bad characters in dNSNames

2017-08-17 Thread Rob Stradling via dev-security-policy
On 16/08/17 22:57, alex.gaynor--- via dev-security-policy wrote: On Wednesday, August 16, 2017 at 11:22:01 AM UTC-4, Rob Stradling wrote: BTW, I've just asked Alex to look at adding the "CA Owner" field to the misissued.com reports. :-) It does this now :-) Excellent. Thanks Alex. :-)

Re: Bad characters in dNSNames

2017-08-16 Thread alex.gaynor--- via dev-security-policy
On Wednesday, August 16, 2017 at 11:22:01 AM UTC-4, Rob Stradling wrote: > BTW, I've just asked Alex to look at adding the "CA Owner" field to the > misissued.com reports. :-) > It does this now :-) Cheers, Alex ___ dev-security-policy mailing list

Re: Bad characters in dNSNames

2017-08-16 Thread Jonathan Rudenberg via dev-security-policy
> On Aug 16, 2017, at 11:37, Amus via dev-security-policy > wrote: > > What's wrong with the two Well's Fargo certs? I don't see any invalid > characters in them. https://crt.sh/?opt=cablint=19558707 https://crt.sh/?opt=cablint=11382596 Both have

Re: Bad characters in dNSNames

2017-08-16 Thread Amus via dev-security-policy
What's wrong with the two Well's Fargo certs? I don't see any invalid characters in them. On Wednesday, August 16, 2017 at 9:22:01 AM UTC-6, Rob Stradling wrote: > On 15/08/17 13:29, Gervase Markham via dev-security-policy wrote: > > Hi Rob, > > > > On 26/07/17 11:21, Rob Stradling wrote: > >>

Re: Bad characters in dNSNames

2017-08-16 Thread Rob Stradling via dev-security-policy
On 15/08/17 13:29, Gervase Markham via dev-security-policy wrote: Hi Rob, On 26/07/17 11:21, Rob Stradling wrote: https://docs.google.com/spreadsheets/d/1IACTYMDXcdz4DoMKxkHfePfb5mv2XN68BcB7p6acTqg/edit?usp=sharing Thanks for this. Any chance of saving me a bit of time by cross-referencing

Re: Bad characters in dNSNames

2017-08-15 Thread Gervase Markham via dev-security-policy
Hi Rob, On 26/07/17 11:21, Rob Stradling wrote: > https://docs.google.com/spreadsheets/d/1IACTYMDXcdz4DoMKxkHfePfb5mv2XN68BcB7p6acTqg/edit?usp=sharing Thanks for this. Any chance of saving me a bit of time by cross-referencing each line with the "CA owner" from the CCADB? If that's too much

Re: Bad characters in dNSNames

2017-07-26 Thread Rob Stradling via dev-security-policy
On 26/07/17 11:44, Kurt Roeckx via dev-security-policy wrote: On 2017-07-26 12:21, Rob Stradling wrote: At Jonathan's suggestion, I've used the crt.sh DB to produce this report of certs that have SAN:dNSName(s) that contain non-permitted characters: The report says "CN or dNSName". It's my

Re: Bad characters in dNSNames

2017-07-26 Thread Kurt Roeckx via dev-security-policy
On 2017-07-26 12:21, Rob Stradling wrote: At Jonathan's suggestion, I've used the crt.sh DB to produce this report of certs that have SAN:dNSName(s) that contain non-permitted characters: The report says "CN or dNSName". It's my understanding that in the CN you can have international

Bad characters in dNSNames

2017-07-26 Thread Rob Stradling via dev-security-policy
At Jonathan's suggestion, I've used the crt.sh DB to produce this report of certs that have SAN:dNSName(s) that contain non-permitted characters: https://docs.google.com/spreadsheets/d/1IACTYMDXcdz4DoMKxkHfePfb5mv2XN68BcB7p6acTqg/edit?usp=sharing I've only looked at certs for which there's a