<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
On 11/07/2012 08:09 PM, From Ryan Sleevi:
<blockquote
cite="mid:CACvaWvbm_TNVjg+wWQJp9csVhBTm57WF1_usX6k+UD2cyb88Dg@mail.gmail.com"
type="cite">
<div style="font-family: arial,helvetica,sans-serif; font-size:
10pt;"><br>
As repeatedly mentioned, SNI deployment in practice is such that
it's not a viable option for a variety of sites - particularly
those that need to work for a wide array of devices and
platforms, such as Bank of America.</div>
</blockquote>
<br>
Don't make me laugh....they don't need SNI nor should in any way be
any of their domains somewhere cloaked up in some DV cert among a
bunch of other domains. If that were the case I'd highly suggest not
use this any of their sites.<br>
<br>
I believe there are many more sites which simply shouldn't neither
have the need for it nor should be using DV certs at all. Would I
find such a certificate, I probably would actively distrust it.<br>
<br>
Coming back to Steve's original primary concern, do you really
believe that sharing a key amongst many different sites, entities
and domains is a good security practice? That bigtits.com and
paypal.com should share the same keys? <br>
<br>
<br>
<div class="moz-signature">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
<br>
</body>
</html>