On Tue, Dec 11, 2018 at 6:58 AM Daniel Kahn Gillmor
wrote:
> On Sun 2018-12-09 18:35:20 +0100, Kurt Roeckx wrote:
> > On Wed, Dec 05, 2018 at 07:07:30AM +0300, Daniel Kahn Gillmor wrote:
> >> One mitigating factor of the ETSI standard, i suppose, is that the
> >> CABForum's Baseline Requirements
> All the linters will give an error about that, see for instance:
> https://crt.sh/?id=1009623020=x509lint,cablint,zlint
right, so what is to be done about that, when some of these CAs are
clearly violating the BRs? Transparency is only as useful as the
actions we can
On Sun 2018-12-09 18:35:20 +0100, Kurt Roeckx wrote:
> On Wed, Dec 05, 2018 at 07:07:30AM +0300, Daniel Kahn Gillmor wrote:
>> One mitigating factor of the ETSI standard, i suppose, is that the
>> CABForum's Baseline Requirements forbid issuance of a certificate with
>> any subjectAltName other
