[13644] in cryptography@c2.net mail archive


Wildcard Certs

daemon@ATHENA.MIT.EDU (martin f krafft)
Mon Jun 16 08:50:41 2003

X-Original-To: cryptography@metzdowd.com
Date: Mon, 16 Jun 2003 09:57:37 +0200
From: martin f krafft <madduck@madduck.net>
To: crypto list <cryptography@metzdowd.com>
Mail-Followup-To: crypto list <cryptography@metzdowd.com>


I just ran across

  http://certs.centurywebdesign.co.uk/premiumssl-wildcard.html

but there are many more sites like that:

  Secure multiple websites with a single PremiumSSL Certificate. For
  organisations hosting a single domain name but with different
  subdomains (e.g. secure.centurywebdesign.co.uk,
  www.centurywebdesign.co.uk, signup.centurywebdesign.co.uk), the
  wildcard Certificate is a cost effective and efficient means of
  securing all subdomains without the need to manage multiple
  certificates. All the features, compatibility and warranty of
  PremiumSSL included.

This strikes me as notoriously bad, although it is in accordance
with the RFC. I still don't want to accept the usefulness and
inherent security, so I'd like to get some expert opinions on this.

Are wildcard certificates good? secure? useful?
Would you employ them? If not, how would you solve the problem they
are trying to address (if you don't have your own CA)?

Thanks!

--
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
"a scientist once wrote that all truth passes through three stages:
 first it is ridiculed, then violently opposed and eventually,
 accepted as self-evident."
                                                       -- schopenhauer

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
