[cabfpub] [cabfman] Ballot 92 - Certificate examples to aid discussions.
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Wed Nov 7 20:07:29 UTC 2012
On 11/07/2012 08:09 PM, From Ryan Sleevi:
>
> As repeatedly mentioned, SNI deployment in practice is such that it's
> not a viable option for a variety of sites - particularly those that
> need to work for a wide array of devices and platforms, such as Bank
> of America.
Don't make me laugh....they don't need SNI nor should in any way be any
of their domains somewhere cloaked up in some DV cert among a bunch of
other domains. If that were the case I'd highly suggest not use this any
of their sites.
I believe there are many more sites which simply shouldn't neither have
the need for it nor should be using DV certs at all. Would I find such a
certificate, I probably would actively distrust it.
Coming back to Steve's original primary concern, do you really believe
that sharing a key amongst many different sites, entities and domains is
a good security practice? That bigtits.com and paypal.com should share
the same keys?
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121107/67f7cfbc/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121107/67f7cfbc/attachment-0002.p7s>
More information about the Public
mailing list