CFCA stated this, in
https://cabforum.org/pipermail/public/2017-July/011733.html
Since then, no further evidence of this claim has been provided.
SHECA ( https://cabforum.org/pipermail/public/2017-July/011737.html ) and
GDCA ( https://cabforum.org/pipermail/public/2017-July/011736.html ) are
more
Didn't someone recently float the argument that the native u-label was required
by local regulation / custom (in China) to be included and so they stuffed it
into the CN?
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https:/
> On Aug 5, 2017, at 17:36, alex.gaynor--- via dev-security-policy
> wrote:
>
> Hi all,
>
> 7.1.4.2.2 of the CABF Baseline Requirements requires that common names always
> be an element from the SAN.
>
> Here are 62 certs, from a variety of CAs which do not meet that requirement:
> https://
Sorry, you're right -- I'd misunderstood the issue with Python. (FWIW, I'm
one of the maintainers of the Python ssl module, and I anticipate us having
a fix for IDNs by the next release).
Alex
On Sun, Aug 6, 2017 at 8:38 PM, Nick Lamb via dev-security-policy <
dev-security-policy@lists.mozilla.or
"simply" how?
If it's your belief that the Python code actually does work for IDN SANs I
think you're going to need to do better than just asserting that it's "simply"
so in the face of subject experts saying it's broken.
___
dev-security-policy mailin
On Sunday, August 6, 2017 at 3:08:32 PM UTC-4, Nick Lamb wrote:
> On Sunday, 6 August 2017 14:10:36 UTC+1, alex@gmail.com wrote:
> > - Using non-IDNA encoded values in the CN, but (correctly!) IDNA encoding
> > the SAN
>
> Note https://bugs.python.org/issue28414
I've followed up on this bug
On Sat, Aug 05, 2017 at 02:36:14PM -0700, alex.gaynor--- via
dev-security-policy wrote:
> - Using non-IDNA encoded values in the CN, but (correctly!) IDNA encoding the
> SAN
I think that's actually correrct?
Kurt
___
dev-security-policy mailing list
On Sunday, 6 August 2017 14:10:36 UTC+1, alex@gmail.com wrote:
> - Using non-IDNA encoded values in the CN, but (correctly!) IDNA encoding the
> SAN
Note https://bugs.python.org/issue28414
At least one popular implementation of TLS in a non-browser client (the Python
SSL implementation) re
8 matches
Mail list logo