James Renken
James Renken
Currently, when `contact-auditor` identifies a bad contact, it reports the registration ID, the bad contact, and the error. It would be nice if it could also provide context, in some...
Boulder checks the Public Suffix List (among other things) to disallow registering with an invalid e-mail address. However, the PSL changes from time to time (and/or the check was once...
- Reorder & break documents into sections - Minor copy cleanups
It looks like X-Chat Aqua/Azure only supports SSLv3; trying to negotiate a connection with a server that requires TLSv1 or newer (with SSL_OP_NO_SSLv3 set on the server side) fails: Connection...
I believe there's a race condition involving compromised keys. Consider the following scenario: * A certificate issuance begins, and passes its final `goodkey`/`sa.KeyBlocked` check before signing. * A compromised key...
MySQL-compatible databases are inefficient for some of Boulder's most demanding data storage needs: * ~~OCSP responses are perfect for a simpler and more performant key-value data model.~~ * Rate limit...
CAs occasionally get GDPR/CCPA/similar requests to delete personal data, including email addresses. For handling these requests, it would be nice to have a CLI tool to modify a registration's contact...
Introduce separate UpdateRegistrationContact & UpdateRegistrationKey methods in RA & SA Clear contact field during DeactivateRegistration Part of #7716 Part of #5554
In #7700 we [removed the `RejectLongCommonName` test case](https://github.com/letsencrypt/boulder/pull/7700/files/73a4d90135b6c58ef4d399a7ba4901143dd35213#diff-f157645025f9b5036f76a31d05c97ce922c8449b367d6769a0689e17f6fc125eL696), but we'd still like to test that the case is handled correctly; "correctly" just no longer means rejecting the CSR. To get...
Move `policy.IsReservedIP` to `iana.IsReservedAddr`. Move `policy.IsReservedPrefix` to `iana.IsReservedPrefix`. Embed & parse IANA's special-purpose address registries for IPv4 and IPv6 in their original CSV format. Fixes #8080