[cabfpub] Misissuance of certificates

Dean Coclin Dean_Coclin at symantec.com
Thu Jan 21 06:08:08 MST 2016


Yes, I confirmed that they do.

-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Thursday, January 21, 2016 4:36 AM
To: Dean Coclin <Dean_Coclin at symantec.com>; Sigbjørn Vik <sigbjorn at opera.com>; public at cabforum.org
Subject: Re: [cabfpub] Misissuance of certificates

On 21/01/16 03:24, Dean Coclin wrote:
> The issue was that some certs have information as part of the CN which 
> probably shouldn't be public -- in the HMRC cases, it's a tax-related 
> ID number specific to a given company, which probably ought to be 
> private between that company and the tax offices. But they need certs 
> including that number to exchange information with the tax offices. 
> (Arguably that's a poorly designed system but that's something to take 
> up with HMRC -- the UK tax office)

And we are sure that, despite being a way of companies communicating with one specific entity, the system nevertheless uses certificates chaining to publicly trusted roots?

Gerv
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5747 bytes
Desc: not available
Url : https://cabforum.org/pipermail/public/attachments/20160121/b37bdd9f/attachment-0001.bin 


More information about the Public mailing list