[cabfpub] Misissuance of certificates

Gervase Markham gerv at mozilla.org
Thu Jan 21 02:36:16 MST 2016


On 21/01/16 03:24, Dean Coclin wrote:
> The issue was that some certs have information as part of the CN
> which probably shouldn't be public -- in the HMRC cases, it's a
> tax-related ID number specific to a given company, which probably
> ought to be private between that company and the tax offices. But
> they need certs including that number to exchange information with
> the tax offices. (Arguably that's a poorly designed system but that's
> something to take up with HMRC -- the UK tax office)

And we are sure that, despite being a way of companies communicating
with one specific entity, the system nevertheless uses certificates
chaining to publicly trusted roots?

Gerv

