[cabfpub] Misissuance of certificates

Eddy Nigg eddy_nigg at startcom.org
Mon Nov 9 17:30:38 UTC 2015

On 11/09/2015 07:18 PM, Doug Beattie wrote:
> You're so agreeable today!

Just showing some sign of support :-)

> It's only a matter of time before CT will be mandatory, so we all need 
> to be looking down the road and try to figure out how this is going to 
> work.  As far as name redaction, the Domain Name will be disclosed in 
> the certificate CN/SAN fields but not necessarially the node values to 
> the left.  This will allow everyone to know that a cert was issued to 
> some server on domain.com, but not the exact value.

I assume this isn't exactly the philosophy of CT, besides that I expect 
that it technically wouldn't work (since it would produce a different 
hash), but this is Ryan's show...

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151109/768bc287/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151109/768bc287/attachment-0001.p7s>

More information about the Public mailing list