On February 21 2018, I reported an unexpired certificate to Identrust which contained SAN entries for several invalid .INT domains:
https://crt.sh/?id=7852280 They acknowledged and revoked the certificate in a timely manner. However, I find this event particularly bothersome: - This certificate was created for Identrust's own internal use. - The issue of .int being a valid TLD has been communicated and well-known since 2009 [1] - I don't believe Identrust has disclosed this misissuance as required. -Nick [1] https://groups.google.com/d/msg/mozilla.dev.security.policy/L9A67IryHu0/RzeaEgIjt48J _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy