(In reply to zivontsis from comment #20) > The presence or absence of this "bug" seems to entirely depend on how an implementation answers this question. I appreciate that this may seem subjective, but hopefully the relevant specifications I've cited help explain. In any event, Aaron's now started the thread at https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/-BogZx_IJyk/m/gHm3l613AgAJ for the discussion of "What if we redefined this", so it may be more appropriate to continue over there. If you have questions for Let's Encrypt regarding this incident, it would remain appropriate to ask them, as that's part of the [Responding to an Incident](https://wiki.mozilla.org/CA/Responding_To_An_Incident) process. If there are relevant technical details or discussions that are overlooked, it's definitely appropriate to bring them up, but hopefully Comment #1 and Comment #19 capture some of the relevant past discussion to be aware of. While I've personally carefully reviewed the contemporaneous IETF lists when this was introduced, if I've overlooked relevant ITU discussion, that would also be greatly appreciated.
Bug 1715455 Comment 21 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to zivontsis from comment #20) > The presence or absence of this "bug" seems to entirely depend on how an implementation answers this question. I appreciate that this may seem subjective, but hopefully the relevant specifications I've cited help explain. In any event, Aaron's now started the thread at https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/-BogZx_IJyk/m/gHm3l613AgAJ for the discussion of "What if we redefined this", so it may be more appropriate to continue over there. If you have questions for Let's Encrypt regarding this incident, it would remain appropriate to ask them, as that's part of the [Responding to an Incident](https://wiki.mozilla.org/CA/Responding_To_An_Incident) process. If there are relevant technical details or discussions that are overlooked, it's definitely appropriate to bring them up, but hopefully Comment #1 and Comment #19 capture some of the relevant past discussion to be aware of. While I've personally carefully reviewed the contemporaneous IETF lists when this language was introduced, if I've overlooked relevant ITU discussion, that would also be greatly appreciated.