I just ran across


but there are many more sites like that:

  Secure multiple websites with a single PremiumSSL Certificate. For
  organisations hosting a single domain name but with different
  subdomains (e.g. secure.centurywebdesign.co.uk,
  www.centurywebdesign.co.uk, signup.centurywebdesign.co.uk), the
  wildcard Certificate is a cost effective and efficient means of
  securing all subdomains without the need to manage multiple
  certificates. All the features, compatibility and warranty of
  PremiumSSL included.

This strikes me as notoriously bad, although it is in accordance
with the RFC. I still don't want to accept the usefulness and
inherent security, so I'd like to get some expert opinions on this.

Are wildcard certficates good? secure? useful?
Would you employ them? If not, how would you solve the problem they
are trying to address (if you don't have your own CA)?


martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
"a scientist once wrote that all truth passes through three stages:
 first it is ridiculed, then violently opposed and eventually,
 accepted as self-evident."
                                                       -- schopenhauer

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to