[SSL Observatory] https://controller.mobile.lan
Phillip Hallam-Baker
hallam at gmail.com
Mon Feb 6 13:58:48 PST 2012
And at the time in question the CA business had been spun off to Symantec.
The VeriSign announcement related to the VeriSign corporate net. The
CPS makes clear that the CA is not on the corporate net. Therefore
either the announcement is in error or it does not relate to the CA.
I can't remember when we started having conversations about blocking
use of non domain domains in certs, things like localhost. But I am
pretty sure we did not actually have agreement on stopping them that
would have been active in August 2010.
So on that basis, it does not look like an issue violation. Not that
that makes it a good thing to have such certs in circulation, just
that it is not cause for yet another panic.
On Mon, Feb 6, 2012 at 4:42 PM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On 02/06/2012 04:25 PM, Jacob Appelbaum wrote:
>> It's a captive portal - the reason it's interesting is that Verisign is
>> signing .lan - around the time they were owned in 2012, even.
>
> Is this a typo? I think the cert you posted to this list was issued on
> 2010-08-06, not in 2012.
>
> --dkg
--
Website: http://hallambaker.com/
More information about the Observatory
mailing list