[SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
Phillip Hallam-Baker
hallam at gmail.com
Tue Nov 8 18:33:12 PST 2011
- Previous message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Next message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Since he would have to apply for the cert in person (from what was said
earlier) I don't think you can expect him to go braketesting this scheme.
On Tue, Nov 8, 2011 at 8:25 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net>wrote:
> On Sat, 05 Nov 2011 16:40:03 +0100, Matthias Hunstock <
> matthias.hunstock at tu-ilmenau.de> wrote:
> > I am member of one of these LRAs and I can tell you that we can NOT
> > issue a cert for twitter.com.
>
> I'm really glad to hear that DFN policies prevent this in some way!
>
> Can i ask how you have tested this restriction? I assume that you at
> least tried with a CSR that has a DN with CN=twitter.com and had it
> rejected. Have you tried anything more sophisticated than that?
>
> For example, have you tried creating a CSR with a DN with
> CN=twitter.com.tu-ilmenau.de, and a bunch of entries in the
> subjectAltNames extension like:
>
> DNS:twitter.com.tu-ilmenau.de,
> DNS:autodiscover.twitter.com.tu-ilmenau.de,
> DNS:twitter.com,
> DNS:autodiscover.twitter.com.local,
> DNS:twitter.com.local
>
> If you're worried about raising red flags by experimenting with a
> high-profile domain like twitter.com, you're welcome to try to spoof
> danielgillmor.com (a domain i control) instead.
>
> Regards,
>
> --dkg
>
--
Website: http://hallambaker.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/observatory/attachments/20111108/5e000712/attachment.html>
- Previous message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Next message: [SSL Observatory] Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Observatory
mailing list