It appears that Viktor Dukhovni <uta@ietf.org> said:
>That said, it'd be really super if various applications profiles decided
>to do away with wildcard certificates entirely. Their $$$ cost
>advantage is long gone, and otherwise they just damage security by
>enabling cross application protocol attacks, ...

Sometimes yes, sometimes no. Sometimes a wildcard covers a handful of separate web sites, which is not great, but sometimes it covers a group of closely related sites for which there is no other reasonable way to handle the cert.

This one is mostly a joke to stress-test web spiders (it caused a lot of excitement in Redmond WA) but there are plenty of real sites along the same lines:

https://wild.web.sp.am

R's,
John