<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 12px; font-family: Arial, sans-serif; "><div><div><div>Hi Eddy, </div><div><br></div><div>Indeed, that's correct and this is my main concern. As I've said on previous posts my intention is not diving into the security aspect here but providing clear information to users about todays reality. The security guard who holds 10 keys to open 10 locks or one skeleton key that also opens the same ten locks brings up interesting points of discussion, but what I'm trying to identify here is to let people know there's a security guard at all. Whether he's the owner of all of the keys and locks or is acting on behalf of separate owners is what the Ballot tries to offer.</div><div><br></div><div>IPv6, SNI etc will eventually slow the rate/need for multi dimensional, multi owner certificates and hopefully also increase the adoption rate of simple domain validated certificates. </div><div><br></div><div>With Ryan's help I'm going to create a few real life examples to illustrate the points that everyone is confused about. Hopefully by tomorrow, but if not then by Friday. </div><div><br></div><div>Steve</div><div><div><div><p></p><font class="Apple-style-span" style="color: rgb(0, 0, 0); "><font class="Apple-style-span"><p style="font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-size: 14px; "></p></font></font></div></div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Eddy Nigg <<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>><br><span style="font-weight:bold">Organization: </span> StartCom Ltd.<br><span style="font-weight:bold">Date: </span> Tuesday, 30 October 2012 20:27<br><span style="font-weight:bold">To: </span> "<a href="mailto:public@cabforum.org">public@cabforum.org</a>" <<a href="mailto:public@cabforum.org">public@cabforum.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [cabfpub] Ballot 92 reviewed<br></div><div><br></div><div>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000">
<br>
On 10/30/2012 08:48 PM, From <a class="moz-txt-link-abbreviated" href="mailto:kirk_hall@trendmicro.com:">kirk_hall@trendmicro.com:</a>
<blockquote cite="mid:EF70381B2D29784EA4FC66042BE81EAF4E0C31@SJDCEXMBX03.us.trendnet.org" type="cite">
<pre wrap="">My other question was, what is the difference between 10 DV certs (each for a single domain) where domain control was proved for each with a single customer, versus a DV SANs cert with the same 10 domains inside, where domain control was proved for each with a single customer?
</pre>
</blockquote>
<br>
I noted previously that current UIs clearly show the domain name
(common name?) prominently. You know (even if only by proxy) who has
the private key (that of the domain).<br>
<br>
But Steve might have even more reasons.<br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</div></div>
_______________________________________________
Public mailing list
<a href="mailto:Public@cabforum.org">Public@cabforum.org</a>
<a href="https://cabforum.org/mailman/listinfo/public">https://cabforum.org/mailman/listinfo/public</a>
</span></body></html>