[cabfpub] Misissuance of certificates

Stephen Davidson S.Davidson at quovadisglobal.com
Tue Nov 17 14:24:24 UTC 2015


If I recall correctly, SET certs have the form:

        Subject: C=GB, ST=AS_APPROPRIATE, L= AS_APPROPRIATE, O=COMPANY NAME, CN=000000000000.to.COMPANYDOMAIN.co.uk/emailAddress=NAME@COMPANYDOMAIN.co.uk

While they may use EV-style vetting, the certs are not EV.

Best, Stephen



-----Original Message-----
From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On
Behalf Of Gervase Markham
Sent: Tuesday, November 17, 2015 9:43 AM
To: Dean Coclin; Sigbjørn Vik; public at cabforum.org
Subject: Re: [cabfpub] Misissuance of certificates

On 12/11/15 22:45, Dean Coclin wrote:
> Here is the example mentioned on the call today which Gerv wanted to 
> hear more about:
> 
> https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/368362/set-installation.pdf

There's something a bit odd going on here. Page 6 of that document says that
the following should be in the CSR:

Common name: <Organisation><SRN>LIVE<DDMMYY>

That doesn't look like a valid DNS name to me. If the CA concerned is doing
EV validation, how are they proving that the customer owns a public DNS
domain of the form:

FooCorp12345643543LIVE121115

? Is any CA on the list part of this program, and so can comment?

Is it also the case that they are using EV certificates for non-SSL
purposes?

Gerv
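
The check this thread turns on, as an added example (not code from either poster or from any CA): it pulls the CN out of a one-line subject in the form quoted above and reports whether the value is a multi-label DNS name. The function names are hypothetical and the sample inputs are the placeholder values from the two messages; the check is syntactic only and says nothing about who controls the domain.

```python
import re

# One LDH hostname label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Placeholder subject in the form quoted in the reply (not a real certificate).
SAMPLE_SUBJECT = ("C=GB, ST=AS_APPROPRIATE, L= AS_APPROPRIATE, O=COMPANY NAME, "
                  "CN=000000000000.to.COMPANYDOMAIN.co.uk"
                  "/emailAddress=NAME@COMPANYDOMAIN.co.uk")
# Placeholder CN in the form questioned in the original message.
SAMPLE_CSR_CN = "FooCorp12345643543LIVE121115"


def parse_subject(line):
    """Split a one-line subject into {attribute: value}.

    Splits on ', ' only when an attribute key follows, so values such as
    'O=Foo, Inc.' stay whole, and on the '/' that joins emailAddress to CN.
    """
    attrs = {}
    for part in re.split(r",\s*(?=[A-Za-z]+=)|/(?=emailAddress=)", line.strip()):
        key, _, value = part.partition("=")
        attrs[key.strip()] = value.strip()
    return attrs


def classify_cn(cn):
    """Return 'fqdn', 'single-label' or 'not-dns' for a subject CN value."""
    labels = cn.rstrip(".").split(".")
    if len(cn) > 253 or not all(LABEL.fullmatch(label) for label in labels):
        return "not-dns"
    if len(labels) < 2:
        return "single-label"  # a valid label, but not a fully qualified name
    if labels[-1].isdigit():
        return "not-dns"       # all-numeric rightmost label, e.g. an IPv4 literal
    return "fqdn"


def lint_subject(line):
    """Return (CN value, classification) for a one-line subject."""
    cn = parse_subject(line).get("CN", "")
    return cn, classify_cn(cn)


if __name__ == "__main__":
    print(lint_subject(SAMPLE_SUBJECT))
    print(SAMPLE_CSR_CN, classify_cn(SAMPLE_CSR_CN))
```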