Re: Possible DigiCert in-addr.arpa Mis-issuance

2019-02-28 Thread Daniel McCarney via dev-security-policy
> I believe the list was merely a crt.sh query of all unexpired certificates
> with a dNSName ending in "in-addr.arpa":
> https://crt.sh/?dNSName=%25.in-addr.arpa=expired

Any list for this general issue should also consider unexpired certificates with a dNSName ending in "ip6.arpa" to cover

Re: Policy 2.7 Proposal: Clarify Section 5.1 ECDSA Curve-Hash Requirements

2019-05-22 Thread Daniel McCarney via dev-security-policy
work on integrating your feedback. Thanks again for taking the time to review it.

On Wed, May 22, 2019 at 12:25 AM Ryan Sleevi wrote:
> On Tue, May 21, 2019 at 3:32 PM Daniel McCarney wrote:
>>> Of the 8 unrevoked, they're all issued by a single CA - Gl

Re: Policy 2.7 Proposal: Clarify Section 5.1 ECDSA Curve-Hash Requirements

2019-05-21 Thread Daniel McCarney via dev-security-policy
> Of the 8 unrevoked, they're all issued by a single CA - GlobalSign - and
> are all RSA keys that lack the explicit NULL parameter, and thus violate
> the requirements of https://tools.ietf.org/html/rfc3279#section-2.3.1
> These are flagged by cablint (but not zlint), so that is an