[SSL Observatory] https://controller.mobile.lan
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Feb 6 14:07:44 PST 2012
On 02/06/2012 04:58 PM, Phillip Hallam-Baker wrote:
> I can't remember when we started having conversations about blocking
> use of non domain domains in certs, things like localhost. But I am
> pretty sure we did not actually have agreement on stopping them that
> would have been active in August 2010.
Do you think we have consensus on this point now? If so, it seems to me
that an agreeing CA should express that conclusion by revoking any
outstanding certificates whose names don't match the known DNS.
It doesn't appear to me that Verisign has done so with this certificate.
--dkg
More information about the Observatory
mailing list