On Wed, Apr 17, 2019 at 5:22 PM Wayne Thayer via dev-security-policy < [email protected]> wrote:
> Yesterday, Andrew Ayer filed a bug [1] identifying 14 pre-certificates > issued by Certinomis in February 2019 containing an unregistered domain > name. Since the cause described in the incident report is similar, I added > this under issue F.1. > In the course of investigating this bug [1], it further appears that Certinomis has continued to use method 3.2.2.4.5 to validate domains, despite it being formally prohibited in the Baseline Requirements 8 months ago, in August 2018. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1544933#c8 _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
