<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>+1</div><div>We think wildcards should be limited to OV and IV, not EV and DV.</div><div><br><br>Regards,<div><br></div><div>Richard</div></div><div><br>On Mar 20, 2015, at 19:02, Eddy Nigg &lt;<a href="mailto:eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>
<br>
<div class="moz-cite-prefix">On 03/20/2015 02:18 AM, Ryan Sleevi
wrote:<br>
</div>
<blockquote cite="mid:CACvaWvZS1pqFiE90uTHPzakGjbKe7teTLhs-ttW+EyMT9QfFPA@mail.gmail.com" type="cite">
<div dir="ltr">
<div class="gmail_quote">
<div>Wildcards are the best chance the Internet has of moving
to a secure world, and prohibiting or restricting them does
nothing (from this browser's point of view) to improve
security, and would actively harm TLS adoption.</div>
</div>
</div>
</blockquote>
<br>
I don't think so - there is no reason to state multiple host names
(sub domains) in a certificate. Nothing prevents one from having many
sub domains stated in the certificates (as with EV). Wild cards are
really only necessary for some dynamic applications (sites that
dynamically add or remove sub domains) or for the lazy. <br>
<br>
If it's for the latter I don't see a good reason why not to require
a higher verification, for the former also not because there is a
real need for it.<br>
<br>
For those that want to abuse wild cards, it becomes uninteresting if
a verification (and publication of the details in the certificate)
is required.<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</div></blockquote></body></html>