Adam Back <a...@cypherspace.org> writes:

>I wonder what that even means. *.com issued by a sub-CA? that private key
>is a massive risk if so! I wonder if a *.com is even valid according to
>browsers. Or * that would be funny.

No idea, but remember that it's not "general-purpose browsers", it's "cellphone browsers" that historically have been crufty little custom apps with who knows what behaviour. Also, the phone's entire worldview is what the cell site it's connected to wants it to be. For example if the telco wants to reactivate an expired cert they can just make it be 2006 again. Or block access to CRLs (do mobile browsers even check these?). Or return '3' in response to an OCSP query (assuming mobile browsers do OCSP).

Peter.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
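
An added example, not part of the original message: a small Python model of the three network-controlled inputs named above (clock, revocation reachability, OCSP response status), comparing a lenient client with one that fails closed. The `Observation` type, both policy functions, `BUILD_TIME` and all dates are hypothetical and constructed for illustration; the status codes are those of RFC 6960, where 3 is `tryLater`.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import IntEnum
from typing import Optional

class OCSPResponseStatus(IntEnum):
    """OCSPResponseStatus codes from RFC 6960 (4 is unused)."""
    SUCCESSFUL = 0
    MALFORMED_REQUEST = 1
    INTERNAL_ERROR = 2
    TRY_LATER = 3
    SIG_REQUIRED = 5
    UNAUTHORIZED = 6

@dataclass
class Observation:
    """What the client sees; the network can shape every field."""
    network_time: datetime                       # clock value taken from the network
    not_after: datetime                          # certificate expiry
    ocsp_status: Optional[OCSPResponseStatus]    # None = revocation source unreachable
    cert_good: bool = False                      # only meaningful when SUCCESSFUL

def utc(year: int, month: int) -> datetime:
    return datetime(year, month, 1, tzinfo=timezone.utc)

# Assumption: the client treats its own build date as a floor for the clock.
BUILD_TIME = utc(2012, 1)

def soft_fail_accepts(o: Observation) -> bool:
    """Lenient client: trusts network time, ignores missing revocation data."""
    if o.network_time > o.not_after:
        return False
    if o.ocsp_status == OCSPResponseStatus.SUCCESSFUL:
        return o.cert_good
    return True  # tryLater, errors and timeouts all count as "not revoked"

def hard_fail_accepts(o: Observation) -> bool:
    """Strict client: rejects rolled-back clocks and non-definitive answers."""
    if o.network_time < BUILD_TIME:
        return False  # the clock cannot predate the software itself
    if o.network_time > o.not_after:
        return False
    return o.ocsp_status == OCSPResponseStatus.SUCCESSFUL and o.cert_good

# Constructed cases mirroring the message.
ROLLED_BACK = Observation(utc(2006, 6), utc(2007, 1),
                          OCSPResponseStatus.SUCCESSFUL, True)
TRY_LATER = Observation(utc(2012, 6), utc(2013, 1), OCSPResponseStatus.TRY_LATER)
BLOCKED = Observation(utc(2012, 6), utc(2013, 1), None)
HONEST = Observation(utc(2012, 6), utc(2013, 1),
                     OCSPResponseStatus.SUCCESSFUL, True)
```

The lenient policy accepts all three manipulated cases, while the strict one accepts only `HONEST`; the price of failing closed is that a genuinely unreachable responder also blocks the connection.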