[SSL Observatory] DFN and subordinate CA domain-scoped whitelists

Matthias Hunstock matthias.hunstock at tu-ilmenau.de
Wed Nov 9 08:24:08 PST 2011


On 09.11.2011 16:47, Daniel Kahn Gillmor wrote:

> My concern is that the CAs in question appear to be signing certificates
> for names that do not have any domain suffix at all, or have a suffix
> (like .local) known to be used in a colliding fashion by many people.

No, not "is signing". WAS signing.

> I'm baffled by the idea that any CA would think it reasonable to sign a
> .local name for a certificate of any duration, let alone a 5 year duration.

Uhm btw. ... did you check the CRL?


Greets


