Hi Quirin, I'm curious about how you recorded the historical information from DNS, can you explain how this was requested and logged?
We logged the data used for issuance of the GlobalSign certificate at the time of issuance and it's different from what you recorded. We logged that there was no “issuewild” entry and that "digicert.com", "globalsign.com", "letsencrypt.org" and "rapidssl.com" are all defined as “issue” at time of issuance. Doug On Friday, November 24, 2017 at 7:23:25 AM UTC-5, Gervase Markham wrote: > Hi Quirin, > > Thank you for your work on this topic. I would be grateful if you could > file Bugzilla bugs in the Misissuance component as follows, giving your > evidence of misissuance: > > On 22/11/17 23:50, Quirin Scheitle wrote: > > 1) Mix of wildcard and non-wildcard DNS names in SAN > > Batch: https://misissued.com/batch/32/ > > Description: best confer > > https://groups.google.com/d/msg/mozilla.dev.security.policy/O9HZPMvHMY8/HtXR8S-1AAAJ > > One bug per CA, please. > > > 4) Apparent non-evaluation of CAA records > > Batch: https://misissued.com/batch/33/ > > Description: These cases appear as pretty straight-forward that they > > should not have been issued, but > > there might be good explanations > > One bug for the two Comodo certs, one for the Camerfirma cert. > > Thank you, > > Gerv _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
