Wildcards are not permitted in the new Extended Validation certificates.
-----Original Message-----
From: Jeffrey Hutzelman [mailto:jhutz(_at_)cmu(_dot_)edu]
Sent: Wednesday, March 07, 2007 7:59 PM
To: Hallam-Baker, Phillip; ietf(_at_)ietf(_dot_)org
Cc: Jeffrey Hutzelman
Subject: RE: NATs as firewalls
On Wednesday, March 07, 2007 04:23:20 PM -0800 "Hallam-Baker,
Phillip"
<pbaker(_at_)verisign(_dot_)com> wrote:
We do need to revise the architecture description. Using IP
addresses
as implicit signalling
You keep using that word. I do not think it means what you
think it means.
Another instance that hit me today is the fact that existing SSL
implementations use the server IPv4 address to select which server
certificate to present to a client.
No; existing SSL server implementations assume that only one
certificate is relevant for any given transport endpoint.
Which, for the vast majority of uses, would not be that big a
deal except that a certain vendor which dominates the
well-known-CA market(*) sees a revenue opportunity in
wildcard certificates, much as ISP's see a revenue
opportunity in residential customers who need multiple
non-NAT'd addresses.
(*) To be fair, pretty much _every_ vendor does this.
-- Jeff
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf