[SSL Observatory] DFN and subordinate CA domain-scoped whitelists [was: Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA]
Ralph Holz
holz at net.in.tum.de
Wed Nov 9 04:41:28 PST 2011
- Previous message: [SSL Observatory] DFN and subordinate CA domain-scoped whitelists [was: Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA]
- Next message: [SSL Observatory] DFN and subordinate CA domain-scoped whitelists [was: Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA]
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Hi,
>> Matthias, you seem to be aware of the domain-scoped whitelisting policy
>> For example, have you tried creating a CSR with a DN with
>> CN=twitter.com.tu-ilmenau.de, and a bunch of entries in the
>> subjectAltNames extension like:
>
> No, I did not pentest the filter. There is a PKI test instance, e.g. for
> software developmnet, if that also has this filter (I only used it for
> user certs by now) maybe I can play with that one.
>
> Requesting a cert for twitter.com would be an open violation of our CA
> policy by me - I would rather avoid that :)
Hm, I could have a chat with the guys in charge here, maybe they're
willing to do that...
Ralph
--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20111109/734cc8b3/attachment.sig>
- Previous message: [SSL Observatory] DFN and subordinate CA domain-scoped whitelists [was: Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA]
- Next message: [SSL Observatory] DFN and subordinate CA domain-scoped whitelists [was: Perspectives on Convergence of EFF, EPIC, SSL, TOR, NSA, ET CETERA]
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Observatory
mailing list