[SSL Observatory] https://controller.mobile.lan
Ralph Holz
holz at net.in.tum.de
Mon Feb 6 14:17:07 PST 2012
Hi,
> On 02/06/2012 04:58 PM, Phillip Hallam-Baker wrote:
>> I can't remember when we started having conversations about blocking
>> use of non domain domains in certs, things like localhost. But I am
>> pretty sure we did not actually have agreement on stopping them that
>> would have been active in August 2010.
>
> Do you think we have consensus on this point now? If so, it seems to me
> that an agreeing CA should express that conclusion by revoking any
> outstanding certificates whose names don't match the known DNS.
>
> It doesn't appear to me that Verisign has done so with this certificate.
>
> --dkg
Eddy Nigg of Startcom tells me it is part of the BR1 requirements by the
CABForum. Their effect is not retroactive, however.
Ralph
--
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20120206/9227f113/attachment.sig>
More information about the Observatory
mailing list