>
> I believe the list was merely a crt.sh query of all unexpired certificates
> with a dNSName ending in "in-addr.arpa":
> https://crt.sh/?dNSName=%25.in-addr.arpa=expired
Any list for this general issue should also consider unexpired certificates
with a dNSName ending in "ip6.arpa" to cover
work on integrating your feedback. Thanks again
for taking the time to review it.
On Wed, May 22, 2019 at 12:25 AM Ryan Sleevi wrote:
>
>
> On Tue, May 21, 2019 at 3:32 PM Daniel McCarney
> wrote:
>
>>
>>> Of the 8 unrevoked, they're all issued by a single CA - Gl
>
>
> Of the 8 unrevoked, they're all issued by a single CA - GlobalSign - and
> are all RSA keys that lack the explicit NULL parameter, and thus violate
> the requirements of https://tools.ietf.org/html/rfc3279#section-2.3.1
> These are flagged by cablint (but not zlint), so that is an