[SSL Observatory] DFN and subordinate CA domain-scoped whitelists
Matthias Hunstock
matthias.hunstock at tu-ilmenau.de
Wed Nov 9 08:24:08 PST 2011
Am 09.11.2011 16:47, schrieb Daniel Kahn Gillmor:
> My concern is that the CAs in question appear to be signing certificates
> for names that do not have any domain suffix at all, or have a suffix
> (like .local) known to be used in a colliding fashion by many people.
No, not "is signing". WAS signing.
> I'm baffled by the idea that any CA would think it reasonable to sign a
> .local name for a certificate of any duration, let alone a 5 year duration.
Uhm btw. ... did you check the CRL?
Greets
More information about the Observatory
mailing list