https://letsencrypt.org/.well-known/security.txt does not implement RFC9116 correctly
Opened this issue · 2 comments
Deleted user commented
The live site: https://letsencrypt.org/.well-known/security.txt
and its source https://github.com/letsencrypt/website/blob/main/static/.well-known/security.txt
is not following RFC9116 correctly; at minimum the Contact information is in the wrong format.
please see https://www.rfc-editor.org/rfc/rfc9116#section-2.5.3
Additional information can be found:
jprenken commented
Fixed. Many thanks!
Deleted user commented
Additionally it turns out that there are more MUST always than that; sorry.
One is Expires https://www.rfc-editor.org/rfc/rfc9116#section-2.5.5