[cabfpub] EV Wildcards

Eddy Nigg eddy_nigg at startcom.org
Fri Mar 20 21:12:24 UTC 2015

On 03/20/2015 09:56 PM, Dean Coclin wrote:
> "If mywebshop.appspot.com has an EV cert, what I want to know is who is running that business, and how I contact _them_ (or what info I can give to the police). Contact info for Google is not very useful in that circumstance!"
> Gerv-I feel the same way when I see a site that has an OV cert issued to Cloudflare. The website business has nothing to do with Cloudflare yet all I can see in the cert is Cloudflare's name and OU info with about 20-30 SANs for unaffiliated names. And I'm not even sure how those names were vetted. As you said in the face to face, this is not a good situation.

But Dean - Cloudflare could get an EV certificate for all those 20-30 
domain names and sites anyway according to the current EV guidelines. 
Nothing prevents them from doing that technically.

So if you really mean what you say you should try to change the EV 
guidelines (which I'd support). But even then, it still doesn't have 
really anything to do with wild cards.

Signer: 	Eddy Nigg, COO/CTO
	StartCom Ltd. <http://www.startcom.org>
XMPP: 	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: 	Join the Revolution! <http://blog.startcom.org>
Twitter: 	Follow Me <http://twitter.com/eddy_nigg>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150320/2f53ec59/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4313 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150320/2f53ec59/attachment-0001.p7s>

More information about the Public mailing list