Re: Question on CAA processing for mixed wildcard and non-wildcard SAN DNS names

Jakob Bohm via dev-security-policy Mon, 27 Nov 2017 18:49:46 -0800

On 28/11/2017 02:29, Jakob Bohm wrote:

On 27/11/2017 19:37, Nick Lamb wrote:

On Fri, 24 Nov 2017 12:25:40 +0000
Gervase Markham via dev-security-policy
<[email protected]> wrote:

...
While your scenario below sounds compelling, it is very much a contrived
scenario of the type usually used to trick organizations into making bad
policy decisions.

Due to the cost of publicly trusted certificates, many organizations
could, in the same scenario, obtain just the *.example.com + example.com
certificate and install it on both servers.


*would, not could



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Question on CAA processing for mixed wildcard and non-wildcard SAN DNS names

Reply via email to