Unicode Normalization Compliance Incident

Does Let's Encrypt use automated tools to detect invalid certificates?

For example, for that incident:

Certlint did detect that error:

https://crt.sh/?id=187634027&opt=cablint,x509lint

ERROR: Internationalized domain names must be in unicode normalization form C

Boulder itself checks for many properties of an invalid certificate.

I think you can ascertain from that fact that we don’t run Certlint against our certificates presently. This is certainly something we’re considering as a take-away from yesterday’s IDNA incident.

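The lint error quoted in the thread can be illustrated with a small pre-issuance check. This is an added example, not code from Boulder or certlint: it decodes each `xn--` label of a DNS name and reports labels whose Unicode form is not in normalization form C. The function names and the sample names are constructed for illustration, and the check covers NFC only, not full IDNA validation.

```python
import unicodedata

ACE_PREFIX = "xn--"


def to_a_label(u_label):
    """Hypothetical helper: build an A-label from a Unicode label (for samples)."""
    return ACE_PREFIX + u_label.encode("punycode").decode("ascii")


def non_nfc_labels(dns_name):
    """Return (a_label, decoded) pairs for xn-- labels that are not NFC.

    decoded is None when the label is not valid Punycode at all.
    """
    findings = []
    for label in dns_name.rstrip(".").split("."):
        if not label.lower().startswith(ACE_PREFIX):
            continue  # plain ASCII label, nothing to normalize
        try:
            decoded = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        except UnicodeError:
            findings.append((label, None))
            continue
        # NFC text is unchanged by NFC normalization; anything else is flagged.
        if unicodedata.normalize("NFC", decoded) != decoded:
            findings.append((label, decoded))
    return findings


if __name__ == "__main__":
    # Constructed samples: the same visible word, precomposed vs. decomposed.
    composed = to_a_label("caf\u00e9") + ".example"      # e-acute as one code point
    decomposed = to_a_label("cafe\u0301") + ".example"   # e + combining acute
    for name in (composed, decomposed, "www.example"):
        findings = non_nfc_labels(name)
        status = "ERROR: not NFC" if findings else "ok"
        print(f"{name}: {status} {findings}")
```

Run against every dNSName before signing, a check of this kind rejects the decomposed form while accepting the precomposed one, even though both render identically.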