Posted by Jeffrey Walton on Oct 19

Its not clear to me where its been proven. I think your post is
missing some information, like the smoking gun. (It may exist, you
just didn’t make it clear).

If I am reading the check-in correctly, it does not look like its a
MitM. Checking the CN to ensure a hostname match should be OK. But I
should probably read a bit more about the DistinguishedNameParser.

However, it is a policy violation of both the IETF and CA/Browser
Forums. Both…