Yes, this is true in theory, but I want to know how you're going
to get VeriSign to issue you a certificate with subjectAltNames
corresponding to a bunch of unrelated domains. And remember
that every time the ISP gets a new customer they have to get a new
cert from VeriSign with yet another subjectAltName? This seems
impractical.
If you are talking about TLS certs (not S/MIME certs) then the ISP can
issue them to the customer directly (be a CA for connections from their
customers over TLS connections). I have read that the customer can be
given instructions on how to add the ISP cert as a trusted CA for that
usage on M$ products.
I have no idea how to get M$ products to use that cert :-)
as I do not use M$ products. I know how to do that on Unix.
--
Doug Royer | http://INET-Consulting.com
-------------------------------|-----------------------------
Doug(_at_)Royer(_dot_)com | Office: (208)612-INET
http://Royer.com/People/Doug | Fax: (866)594-8574
| Cell: (208)520-4044
We Do Standards - You Need Standards