I wonder what that even means.  *.com issued by a sub-CA?  that private key
is a massive risk if so!  I wonder if a *.com is even valid according to
browsers.  Or * that would be funny.

Adam

On Sat, Dec 03, 2011 at 02:24:53AM +1300, Peter Gutmann wrote:
Adam Back <[email protected]> writes:

[WAP wildcard certs]

That is bad.  Are you saying there is anyone doing SSL mitm for stream
compression reasons?  Who?

The use of wildard certs in WAP gateways came up from the SSL Observatory
work... hmm, there's at least a mention of it in "An Observatory for the
SSLiverse".

Peter.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to