[cabfpub] Proposed new ballot on IP Addresses in SANs
Gervase Markham
gerv at mozilla.org
Wed Apr 27 07:15:39 MST 2016
On 25/04/16 16:07, Peter Bowen wrote:
> https://gist.github.com/pzb/ecaf3701bc631a8f0589e8eff277e694 is the
> list of these 435 certificates. A few dozen are certificates that
> cannot be renewed (as they have RFC1918/3330 addresses included) but
> the rest are examples of certificates where the proposed solution of
> one IP/name per cert might not be viable.
Or there are a load of sites hosted on the same machine and someone
stuck the machine's IP address into the cert because it seemed like a
good idea at the time.
In other words, I'm not sure we can conclude that all 435 or so
organizations here did this because they knew exactly what they were doing.
Gerv
More information about the Public
mailing list