[cabfpub] Misissuance of certificates
Gervase Markham
gerv at mozilla.org
Tue Nov 17 13:42:06 UTC 2015
On 12/11/15 22:45, Dean Coclin wrote:
> Here is the example mentioned on the call today which Gerv wanted to
> hear more about:
>
> https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/368362/set-installation.pdf

There's something a bit odd going on here. Page 6 of that document says
that the following should be in the CSR:

    Common name: <Organisation><SRN>LIVE<DDMMYY>

That doesn't look like a valid DNS name to me. If the CA concerned is
doing EV validation, how are they proving that the customer owns a
public DNS domain of the form:

    FooCorp12345643543LIVE121115

? Is any CA on the list part of this program, and so can comment?

Is it also the case that they are using EV certificates for non-SSL
purposes?

Gerv
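
Added example, not part of the original message or of any CA's tooling: a syntactic pre-issuance check that flags a Common Name which cannot be a public fully-qualified domain name, run on the value quoted above. The function name, the finding codes and the regex reading of the `<Organisation><SRN>LIVE<DDMMYY>` template are assumptions made for illustration.

```python
import re

# One DNS label in LDH form: letters, digits, hyphen; no leading or
# trailing hyphen; 1 to 63 characters.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Assumed reading of the template quoted in the message: free-text
# organisation, numeric SRN, the literal LIVE, then a six-digit date.
IDENT_TEMPLATE = re.compile(r"(?P<org>.+?)(?P<srn>\d+)LIVE(?P<date>\d{6})")


def cn_findings(cn):
    """Return reasons why `cn` cannot be a public FQDN (empty list: syntax passes)."""
    findings = []
    # A leading wildcard label is validated separately; strip it here.
    name = cn[2:] if cn.startswith("*.") else cn
    labels = name.split(".")
    if len(name) > 253:
        findings.append("too-long")
    if len(labels) < 2:
        # No dot at all: nothing to resolve in the public DNS tree.
        findings.append("single-label")
    if any(not LDH_LABEL.fullmatch(label) for label in labels):
        findings.append("non-ldh-label")
    if labels[-1].isdigit():
        findings.append("numeric-tld")
    if IDENT_TEMPLATE.fullmatch(cn):
        # Looks like an account identifier rather than a host name.
        findings.append("identifier-template")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the first is the example from the message.
    for sample in ("FooCorp12345643543LIVE121115", "www.example.com",
                   "Foo Corp 123LIVE010115"):
        print(f"{sample!r}: {cn_findings(sample) or 'syntax ok'}")
```

An empty result only means the name is syntactically plausible; it says nothing about whether the applicant controls the domain.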