On 10/20/2010 08:28 PM, From Hodges, Jeff:
> o Move away from including and checking strings that look like
>   domain names in the subject's Common Name.
I applaud this recommendation, since this has never been part of the standard in the first place and was only meant as a temporary bridge during the move from X.509 version 2 to version 3.
> o Move away from the issuance of so-called wildcard certificates
>   (e.g., a certificate containing an identifier for
>   "*.example.com").
However, I'm not sure why wild cards should be prohibited, since this is perfectly standards-compliant. There are valid use cases for wild cards, and in fact some of the biggest companies on the Internet are prevented from using EV certificates exactly because of this prohibition (on using wild cards with EV). I suggest reconsidering this recommendation.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: [email protected] <xmpp:[email protected]>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
