Am 09.12.2015 um 18:46 schrieb Peter Bowen:
> Do you have an example where you think IPv6 addresses are not being
> handled correctly?
Serial 19D70E1B381579 in your document is the example I stumbled upon.
I managed to get the complete cert from the server and cannot see any
issues there.
It
On Thu, Dec 10, 2015 at 6:07 AM, Matthias Hunstock wrote:
> Am 09.12.2015 um 18:46 schrieb Peter Bowen:
>
>> Do you have an example where you think IPv6 addresses are not being
>> handled correctly?
>
> Serial 19D70E1B381579 in your document is the example I stumbled upon.
>
>
Am 10.12.2015 um 15:47 schrieb Peter Bowen:
> Apologies for this. I will get the tool updated to ensure that IPv6
> addresses do not cause a flag.
Thank you for fixing this!
Matthias
___
dev-security-policy mailing list
On Wed, Dec 9, 2015 at 9:35 AM, Matthias Hunstock wrote:
> Am 17.11.2015 um 09:04 schrieb Peter Bowen:
>
>> There are a couple of rules that may create false positives, so please
>> don't assume every certificate on the sheet is problematic.
>
> Is it possible that your script
Am 17.11.2015 um 09:04 schrieb Peter Bowen:
> There are a couple of rules that may create false positives, so please
> don't assume every certificate on the sheet is problematic.
Is it possible that your script doesn't handle IPv6 addresses properly?
Regards
Peter said..
> While I realize that it is not clear cut in many contexts, RFC 5280 is
> rather clear cut. The authors clearly wanted to avoid stumbling and
> being eaten by a grue, so they wrote:
>
>When the subjectAltName extension contains a domain name system
>label, the domain name
On Thu, Nov 19, 2015 at 4:26 PM, Brian Smith wrote:
> Peter Bowen wrote:
>>
>> Robin Alden wrote:
>> Given that it doesn't, but that that the BRs say "MUST be either a
>> dNSName containing the FullyâQualified Domain Name or an
On Thu, Nov 19, 2015 at 11:57 AM, Robin Alden wrote:
> Peter said..
>> While I realize that it is not clear cut in many contexts, RFC 5280 is
>> rather clear cut. The authors clearly wanted to avoid stumbling and
>> being eaten by a grue, so they wrote:
>>
>>When the
On Tuesday, 17 November 2015 08:04:41 UTC, Peter Bowen wrote:
> Inspired by Rob Stradling's work
> (https://cabforum.org/pipermail/public/2015-November/006269.html), I
> wrote a quick tool to check that commonNames and Subject Alternative
> Names in server auth certificates issued by public CAs
9 matches
Mail list logo