On 02/23/2009 02:35 PM, Jean-Marc Desperrier:
- I don't expect there will be any effort to try to stop CA from issuing dangerous wildcard certificates, since it won't solve the problem at large.
This isn't the cure of the problem, wild cards are very useful! The problem is the validation requirement for wild cards. I think and believe that considering current business practices and fees charged for wild cards it is reasonable to require at least identity validation - similar to the same requirement for code signing.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [email protected] Blog: https://blog.startcom.org _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
