"Eugene Crosser" <[EMAIL PROTECTED]> wrote: > There are no "rules" on this matter; and common sense > says that if your company gets a second level domain and > CA certifies that it's yours, any subdomains of this > second level domain should automatically be considered > yours too. So this is not dangerous but logical behavior.
The bulk of the time this is true. But it's not always true. I have several second level domains which I allow others to setup third level domains on. Some of the sites are hosted on servers I control, some are not. There are a lot of domains being used in this way. Think vanity domains. Think soureforge.com. If the CA made the assumption that the org controlling the third or fourth level was the same as the org controlling the second level, the CA will be wrong some percentage of the time. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
