[13657] in cryptography@c2.net mail archive

Re: Wildcard Certs

daemon@ATHENA.MIT.EDU (Pete Chown)
Tue Jun 17 07:59:14 2003

X-Original-To: cryptography@metzdowd.com
Date: Tue, 17 Jun 2003 09:57:24 +0100
From: Pete Chown <Pete.Chown@skygate.co.uk>
To: cryptography@metzdowd.com
In-Reply-To: <20030616075737.GA18032@diamond.madduck.net>

martin f krafft wrote:

> This strikes me as notoriously bad, although it is in accordance
> with the RFC. I still don't want to accept the usefulness and
> inherent security, so I'd like to get some expert opinions on this.
> 
> Are wildcard certificates good? secure? useful?

I think this is one of the cases where security can't be considered in 
isolation.  It depends what risks you are trying to protect against.  In 
a large company you might want to limit the effects of a key compromise.
For example you might want to make sure that someone who steals the UK
key can't masquerade as the American office.

I can't see any generalised threats that would justify withdrawing 
wildcard certs, but perhaps others can.

-- 
Pete


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
