On Tue, Jun 17, 2003 at 09:57:24AM +0100, Pete Chown wrote:
> I can't see any generalised threats that would justify withdrawing
> wildcard certs, but perhaps others can.

I think it's maybe cleaning a pistol for the user, but it's neither loading it, nor pointing it at their foot for them, and it's certainly not pulling the trigger for them.

The obvious concern that I can see is that you later delegate DNS for some subdomain to someone else, and they do something Bad.

I think, however, that the hurdles in such an attack are significant. Getting the delegation isn't hard (my employer has one from a certain large pharmaceuticals manufacturer in Delaware because we host a web site for them with a failover system that relies on short-TTL DNS zones), but getting ahold of the secret key for your rogue web server SHOULD be at least extremely difficult if not functionally impossible. The threat model for that is the same as it always was (and not a function of the certificate verification process in any case).

I'd say the benefit (not having to fork over cash for every single server you own) is worth it. I'm assuming this "domain certificate" is substantially more expensive than a single host cert, but I'm sure there's a number of hosts where it starts making monetary sense.

-- 
gabriel rosenkoetter
[EMAIL PROTECTED]

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
