WKD proper behavior on fetch error
juergen at bruckner.email
Mon Jan 18 12:07:04 CET 2021
Hello again Stefan
Am 17.01.21 um 22:27 schrieb Stefan Claas:
> On Sun, Jan 17, 2021 at 10:16 PM Juergen Bruckner via Gnupg-users
> <gnupg-users at gnupg.org> wrote:
> Hi Juergen.
>> Your showcase with github.io also says nothing else than that Sequoia
>> considers an invalid certificate to be correct. That this happens in
>> audited software says just as much about the value of the audit.
> Please try to accept that GitHub's SSL cert is *valid*, or do you think
> that a CA certifies and invalid cert?
For you to take notes:
The certificate used by github issued by the CA DigiCert Inc IS valid for:
- * .github.com
- * .github.io
- * .githubusercontent.com
so that means the certificate MAY be valid for
but it MUST NOT be valid for
This is stipulated in the guidelines of the CA / B forum to which all
CAs worldwide have to adhere. DigiCert Inc. is no exception.
So what some members have already said to you here applies.
Sequoia accepts an *invalid* certificate for the host
'foo.abc.github.io' and that is "failure by design".
That won't change if you claim the opposite a million times.
/¯\ No |
\ / HTML | Juergen Bruckner
X in | juergen at bruckner.email
/ \ Mail |
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3894 bytes
Desc: S/MIME Cryptographic Signature
More information about the Gnupg-users