[cabfpub] EV Wildcards

Geoff Keating geoffk at apple.com
Thu Mar 26 21:59:09 UTC 2015

> On 26 Mar 2015, at 8:46 am, Dean Coclin <Dean_Coclin at symantec.com> wrote:
> We disagree with this line of thinking. Today someone can pay a few dollars and secure *.example.com <http://example.com/>, where the result is [high-risk].example.com <http://example.com/> with the most limited form of authentication. However a legitimate organization that successfully passes EV verification cannot order that same certificate. This makes zero sense — in fact, since the concern is with the exploit, this logic means that wildcards would be forced to the least authenticated customers.  Hence we would support wildcards for EV certs.

I don’t believe this is correct; a legitimate organization that passes EV verification can order that same certificate, and no further validation is required.  What they can’t do is get it marked as EV.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150326/9f8927e6/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4103 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150326/9f8927e6/attachment-0001.p7s>

More information about the Public mailing list