[cabfpub] EV Wildcards

Gervase Markham gerv at mozilla.org
Fri Mar 20 15:18:25 UTC 2015


On 20/03/15 14:29, Tim Shirley wrote:
> But now let’s say I had gotten an EV cert for *.example.com instead. 
> Now I’ve opened up a new class of attack: the bad person could set up
> “othersite.example.com” and impersonate my company and there would be no
> way for me to know that rogue site even exists. 

How exactly would they do that, technically?

If you say "DNS spoofing", then surely it's just as easy to spoof the
DNS for www.example.com or login.example.com, and so there's no
additional risk.

Gerv


