[cabfpub] [cabfman] Ballot 92 - Certificate examples to aid discussions.

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Wed Nov 7 20:07:29 UTC 2012

On 11/07/2012 08:09 PM, From Ryan Sleevi:
> As repeatedly mentioned, SNI deployment in practice is such that it's 
> not a viable option for a variety of sites - particularly those that 
> need to work for a wide array of devices and platforms, such as Bank 
> of America.

Don't make me laugh....they don't need SNI nor should in any way be any 
of their domains somewhere cloaked up in some DV cert among a bunch of 
other domains. If that were the case I'd highly suggest not use this any 
of their sites.

I believe there are many more sites which simply shouldn't neither have 
the need for it nor should be using DV certs at all. Would I find such a 
certificate, I probably would actively distrust it.

Coming back to Steve's original primary concern, do you really believe 
that sharing a key amongst many different sites, entities and domains is 
a good security practice? That bigtits.com and paypal.com should share 
the same keys?

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121107/67f7cfbc/attachment-0004.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4540 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20121107/67f7cfbc/attachment-0002.p7s>

More information about the Public mailing list