I've encountered a wildcard end-entity certificate on a live server that chains directly to the root cert. There is no intermediate certificate and the root is in the Mozilla trust store.
I assume this is a frowned upon practice that will be stopped as the BRs are adopted and such certs expire naturally. There is no reason for such certs to be reissued indefinitely, is there? Beyond this one case I'm wondering if there are any survey data or anecdotes about how common a practice this is (was?). Thanks. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
