Nemeth, Valentin wrote:
> Hi Ian,
>
>
>>Then, logically, a *.TLD cert indicates a valid
>>wildcard range of addresses, and is therefore
>>an identity, albeit a broad one. But, given that
>>CAs who have nothing to do with TLDs can
>>then issue a wildcard covering an entire TLD,
>>I'd be inclined to say that a political not technical
>>decision should be made that a *.TLD be treated
>>as a special case that gets a special treatment.
>
> Any decent CA should block a *.tld cert, even a *.d1.tld as well, where d1
> is a 'generic one'. For example it would be almost just as bad to issue
> *.co.uk or *.com.au as *.net. The list of these domains is pretty long and
> isn't exactly static.

The point is, what if, especially if a country as big as China, or the US, or any other number of countries for that matter, applied pressure to make it happen...

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right,
 but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
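
The issuance check discussed in the quoted text (refusing `*.tld` and `*.d1.tld` where `d1` is a generic second-level domain), as an added example that is not part of the original thread. The function names are hypothetical and `SAMPLE_SUFFIXES` is a small constructed sample written in Public Suffix List rule syntax; a CA would load the full, regularly updated list.

```python
# Constructed sample of suffix rules; the real list is long and not static.
# "*.ck" is a wildcard rule, "!www.ck" is an exception to it.
SAMPLE_SUFFIXES = {"com", "net", "uk", "co.uk", "au", "com.au", "*.ck", "!www.ck"}


def is_public_suffix(domain, rules=SAMPLE_SUFFIXES):
    """True if `domain` is itself a suffix under which others register names."""
    labels = domain.lower().rstrip(".").split(".")
    name = ".".join(labels)
    if "!" + name in rules:          # exception rule: registrable after all
        return False
    if name in rules:                # exact rule, e.g. "co.uk"
        return True
    if len(labels) > 1 and "*." + ".".join(labels[1:]) in rules:
        return True                  # wildcard rule, e.g. "*.ck" covers "foo.ck"
    return len(labels) == 1          # unlisted single label: treat as a TLD


def check_wildcard_request(name, rules=SAMPLE_SUFFIXES):
    """Return (allowed, reason) for a requested certificate DNS name."""
    name = name.lower().rstrip(".")
    if "*" not in name:
        return (True, "not a wildcard")
    labels = name.split(".")
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return (False, "wildcard must be the whole leftmost label")
    base = ".".join(labels[1:])
    if not base:
        return (False, "bare wildcard")
    if is_public_suffix(base, rules):
        return (False, base + " is a public suffix")
    return (True, "ok")


if __name__ == "__main__":
    # Constructed requests, including the three names from the thread.
    for san in ["*.net", "*.co.uk", "*.com.au", "*.example.co.uk",
                "*.foo.ck", "*.www.ck", "f*.example.com", "*"]:
        print(san, check_wildcard_request(san))
```
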
