[cabfpub] EV Wildcards

Richard Wang richard at wosign.com
Fri Mar 20 21:13:08 UTC 2015

We think wildcards should be limited to OV and IV, not EV and DV.



> On Mar 20, 2015, at 19:02, Eddy Nigg <eddy_nigg at startcom.org> wrote:
>> On 03/20/2015 02:18 AM, Ryan Sleevi wrote:
>> Wildcards are the best chance the Internet has of moving to a secure world, and prohibiting or restricting them does nothing (from this browser's point of view) to improve security, and would actively harm TLS adoption.
> I don't think so - there is no reason to stated multiple host names (sub domains) in a certificate. Nothing prevents from having many sub domains stated in the certificates (as with EV). Wild cards are really only necessary for some dynamic applications (sites that add or remove dynamically sub domains) or for the lazy. 
> If it's for the latter I don't see a good reason why not to require a higher verification, for the former also not because there is a real need for it.
> For those that want to abuse wild cards, it becomes uninteresting if a verification (and publication of the details in the certificate) is required.
> -- 
> Regards 
> Signer: 	Eddy Nigg, COO/CTO
>  	StartCom Ltd.
> XMPP: 	startcom at startcom.org